GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,856 advisories
Filter by severity
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling
Moderate
CVE-2020-26259
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
OS Command Injection in node-notifier
Moderate
CVE-2020-7789
was published
for
node-notifier
(npm)
Dec 21, 2020
Command Injection in corenlp-js-interface
Critical
CVE-2020-28440
was published
for
corenlp-js-interface
(npm)
Dec 18, 2020
Command injection in connection-tester
Critical
CVE-2020-7781
was published
for
connection-tester
(npm)
Dec 17, 2020
Command Injection Vulnerability in systeminformation
Moderate
CVE-2020-26274
was published
for
systeminformation
(npm)
Dec 16, 2020
Prototype Pollution in systeminformation
Moderate
CVE-2020-26245
was published
for
systeminformation
(npm)
Nov 27, 2020
XStream can be used for Remote Code Execution
High
CVE-2020-26217
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 16, 2020
Command Injection in systeminformation
Moderate
CVE-2020-26300
was published
for
systeminformation
(npm)
Oct 27, 2020
systeminformation command injection vulnerability
High
CVE-2020-7752
was published
for
systeminformation
(npm)
Oct 27, 2020
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
Arbitrary Code Execution in require-node
Critical
GHSA-8j6j-4h2c-c65p
was published
for
require-node
(npm)
Sep 3, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Command Execution in windows-cpu
Critical
CVE-2017-1000219
was published
for
windows-cpu
(npm)
Sep 1, 2020
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Remote code execution in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command injection in codecov (npm package)
Moderate
CVE-2020-15123
was published
for
codecov
(npm)
Jul 20, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
ProTip!
Advisories are also available from the
GraphQL API