Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,462
Erlang
33
GitHub Actions
22
Go
2,159
Maven
5,000+
npm
3,820
NuGet
696
pip
3,502
Pub
12
RubyGems
903
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

350 advisories

Loading
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Code injection in Apache NiFi and NiFi Registry High
CVE-2022-33140 was published for org.apache.nifi.registry:nifi-registry-core (Maven) Jun 16, 2022
kurt-r2c
OS Command Injection in cookiecutter Critical
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
OS Command Injection in s3-uploader High
CVE-2021-34084 was published for s3-uploader (npm) Jun 3, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
OS Command Injection in proctree High
CVE-2021-34082 was published for proctree (npm) Jun 3, 2022
OS Command injection in ssl-utils High
CVE-2021-34080 was published for ssl-utils (npm) Jun 3, 2022
OS Command Injection in lifion-verify-deps High
CVE-2021-34078 was published for lifion-verify-deps (npm) Jun 3, 2022
OS Command Injection in gitsome High
CVE-2021-34081 was published for gitsome (npm) Jun 3, 2022
OS Command Injection in gogs Critical
CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022
unicorn-security-team
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
sharp vulnerable to Command Injection in post-installation over build environment Moderate
CVE-2022-29256 was published for sharp (npm) Jun 1, 2022
dwisiswant0
Apache Superset OS Command Injection High
CVE-2020-13948 was published for apache-superset (pip) May 24, 2022
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the WebAPI Critical
CVE-2021-21016 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the customer attribute save controller High
CVE-2021-21015 was published for magento/community-edition (Composer) May 24, 2022
Zen Cart vulnerable to authenticated remote code execution High
CVE-2021-3291 was published for zencart/zencart (Composer) May 24, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
System command execution vulnerability in Selection tasks Jenkins Plugin High
CVE-2020-2276 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database