GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
340 advisories
Filter by severity
OS Command Injection in devcert-sanscache
Critical
CVE-2019-10778
was published
for
devcert-sanscache
(npm)
Apr 14, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
OS command injection in aws-lambda
Critical
CVE-2019-10777
was published
for
aws-lambda
(npm)
Feb 14, 2020
OS command injection in git-diff-apply
Critical
CVE-2019-10776
was published
for
git-diff-apply
(npm)
Feb 14, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Electron protocol handler browser vulnerable to Command Injection
High
CVE-2018-1000118
was published
for
electron
(npm)
Mar 26, 2018
Command Injection in macaddress
Critical
CVE-2018-13797
was published
for
macaddress
(npm)
Sep 6, 2018
OS Command Injection in craftercms:crafter-studio
High
CVE-2018-19907
was published
for
org.craftercms:crafter-studio
(Maven)
Dec 19, 2018
Remote Code Execution in electron
High
CVE-2018-1000006
was published
for
electron
(npm)
Jan 23, 2018
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Command Injection Vulnerability in systeminformation
Moderate
CVE-2020-26274
was published
for
systeminformation
(npm)
Dec 16, 2020
Command injection in codecov (npm package)
Moderate
CVE-2020-15123
was published
for
codecov
(npm)
Jul 20, 2020
Prototype Pollution in systeminformation
Moderate
CVE-2020-26245
was published
for
systeminformation
(npm)
Nov 27, 2020
OS Command Injection in node-notifier
Moderate
CVE-2020-7789
was published
for
node-notifier
(npm)
Dec 21, 2020
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Arbitrary Command Injection due to Improper Command Sanitization
Moderate
GHSA-hxwm-x553-x359
was published
for
@npmcli/git
(npm)
Aug 5, 2021
OS Command Injection in node-opencv
Critical
CVE-2019-10061
was published
for
opencv
(npm)
Oct 12, 2021
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Arbitrary Code Execution in require-node
Critical
GHSA-8j6j-4h2c-c65p
was published
for
require-node
(npm)
Sep 3, 2020
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical
CVE-2020-7677
was published
for
org.webjars.npm:thenify
(Maven)
Jul 18, 2022
OS Command Injection in awesome spawn
Critical
CVE-2014-0156
was published
for
awesome_spawn
(RubyGems)
Jul 1, 2022
Command Injection in CasaOS
Critical
CVE-2022-24193
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Mar 11, 2022
ProTip!
Advisories are also available from the
GraphQL API