Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,859 advisories

OS Command Injection in craftercms:crafter-studio High
CVE-2018-19907 was published for org.craftercms:crafter-studio (Maven) Dec 19, 2018
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
Command Injection in macaddress Critical
CVE-2018-13797 was published for macaddress (npm) Sep 6, 2018
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
curlrequest allows execution of arbitrary commands Critical
CVE-2020-7646 was published for curlrequest (npm) May 13, 2020
OS Command Injection in devcert-sanscache Critical
CVE-2019-10778 was published for devcert-sanscache (npm) Apr 14, 2020
ProTip! Advisories are also available from the GraphQL API