Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,658
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,939
npm
3,471
NuGet
603
pip
2,986
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,998 advisories

Command Injection in fs-path High
GHSA-gc94-6w89-hpqr was published for fs-path (npm) Jun 12, 2019
Mooninaut
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
Remote code execution in PHPMailer Critical
CVE-2016-10045 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Potential CSV Injection vector in OctoberCMS Moderate
CVE-2020-5299 was published for october/backend (Composer) Jun 3, 2020
staz0t
Command injection in mversion High
CVE-2020-4059 was published for mversion (npm) Jun 18, 2020
Command Injection in standard-version Moderate
GHSA-7xcx-6wjh-7xp2 was published for standard-version (npm) Jul 13, 2020
Remote code execution in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Unauthenticated Remote Command Injection in ep_imageconvert High
CVE-2013-3364 was published for ep_imageconvert (npm) Aug 31, 2020
Command Injection in ungit Critical
CVE-2015-4130 was published for ungit (npm) Aug 31, 2020
Command Injection in gm Critical
CVE-2015-7982 was published for gm (npm) Sep 1, 2020
Command Injection in pidusage Critical
CVE-2017-16034 was published for pidusage (npm) Sep 1, 2020
Command Injection in ascii-art Low
GHSA-9hqj-38j2-5jgm was published for ascii-art (npm) Sep 1, 2020
Command Injection in samsung-remote Critical
GHSA-xhjx-mfr6-9rr4 was published for samsung-remote (npm) Sep 1, 2020
Command Injection in bestzip Critical
GHSA-4qqc-mp5f-ccv4 was published for bestzip (npm) Sep 2, 2020
Command Injection in tomato High
GHSA-wqhw-frpx-5mmp was published for tomato (npm) Sep 2, 2020
Command Injection in cocos-utils High
GHSA-rffp-mc78-wjf7 was published for cocos-utils (npm) Sep 2, 2020
Command Injection in node-wifi Critical
GHSA-4x6x-782q-jfc4 was published for node-wifi (npm) Sep 3, 2020
Command Injection in expressfs High
GHSA-mxmj-84q8-34r7 was published for expressfs (npm) Sep 3, 2020
Command Injection in addax High
GHSA-4q8f-5xxj-946r was published for addax (npm) Sep 3, 2020
Command Injection in priest-runner Critical
GHSA-9px9-f7jw-fwhj was published for priest-runner (npm) Sep 3, 2020
pullit vulnerable to command injection High
CVE-2018-25083 was published for pullit (npm) Sep 3, 2020
lirantal
Command Injection in local-devices High
GHSA-w725-67p7-xv22 was published for local-devices (npm) Sep 3, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API