Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,462
Erlang
33
GitHub Actions
22
Go
2,159
Maven
5,000+
npm
3,820
NuGet
696
pip
3,502
Pub
12
RubyGems
903
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,461 advisories

Loading
OS command injection in ripgrep Critical
CVE-2021-3013 was published for grep-cli (Rust) Aug 5, 2021
Arbitrary Command Injection due to Improper Command Sanitization Moderate
GHSA-hxwm-x553-x359 was published for @npmcli/git (npm) Aug 5, 2021
tyage
OS Command Injection in OpenTSDB Critical
CVE-2020-35476 was published for net.opentsdb:opentsdb (Maven) Aug 2, 2021
OS Command Injection in Locutus Critical
CVE-2020-13619 was published for locutus (npm) Jul 26, 2021
Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Command Injection in Centreon High
CVE-2020-13252 was published for centreon/centreon (Composer) Jun 22, 2021
Shell command injection in Apache Syncope High
CVE-2020-11977 was published for org.apache.syncope:syncope (Maven) Jun 16, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
OS Command Injection in baserCMS High
CVE-2021-20682 was published for baserproject/basercms (Composer) Jun 8, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
apiconnect-cli-plugins vulnerable to OS Command Injection Critical
CVE-2020-7633 was published for apiconnect-cli-plugins (npm) May 24, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
OS Command Injection in mversion Moderate
CVE-2020-7688 was published for mversion (npm) May 17, 2021
OS Command Injection in wifiscanner Critical
CVE-2020-15362 was published for wifiscanner (npm) May 17, 2021
OS Command Injection in pomelo-monitor Critical
CVE-2020-7620 was published for pomelo-monitor (npm) May 10, 2021
Command injection in get-git-data Critical
CVE-2020-7619 was published for get-git-data (npm) May 10, 2021
OS Command Injection in ng-packagr Moderate
CVE-2020-7735 was published for ng-packagr (npm) May 7, 2021
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
OS Command Injection in gulp-scss-lint Critical
CVE-2020-7601 was published for gulp-scss-lint (npm) May 7, 2021
OS Command Injection in gulp-tape Critical
CVE-2020-7605 was published for gulp-tape (npm) May 7, 2021
OS Command Injection in gulkp-styledocco Critical
CVE-2020-7607 was published for gulp-styledocco (npm) May 7, 2021
OS Command Injection in docker-compose-remote-api Critical
CVE-2020-7606 was published for docker-compose-remote-api (npm) May 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database