Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

155 advisories

global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
gry vulnerable to Command Injection High
CVE-2020-36650 was published for gry (npm) Jan 11, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
window-control vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25926 was published for window-control (npm) Jan 4, 2023
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
Font-Converter Vulnerable to Arbitrary Command Injection Critical
CVE-2022-21165 was published for font-converter (npm) Aug 29, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization Critical
CVE-2022-21186 was published for @acrontum/filesystem-template (npm) Aug 6, 2022
curljs Command Injection vulnerability Critical
CVE-2020-28425 was published for curljs (npm) Aug 3, 2022
gitblame susceptible to command injection Critical
CVE-2020-28434 was published for gitblame (npm) Aug 3, 2022
get-npm-package-version Command Injection vulnerability Critical
CVE-2020-7795 was published for get-npm-package-version (npm) Aug 3, 2022
heroku-env susceptible to command injection Critical
CVE-2020-28437 was published for heroku-env (npm) Aug 3, 2022
image-tiler susceptible to command injection Critical
CVE-2020-28451 was published for image-tiler (npm) Aug 3, 2022
node-latex-pdf is susceptible to command injection Critical
CVE-2020-28433 was published for node-latex-pdf (npm) Aug 3, 2022
npos-tesseract Command Injection vulnerability Critical
CVE-2020-28453 was published for npos-tesseract (npm) Aug 3, 2022
monorepo-build Command Injection vulnerability Critical
CVE-2020-28423 was published for monorepo-build (npm) Aug 3, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability Critical
CVE-2020-28436 was published for google-cloudstorage-commands (npm) Jul 26, 2022
git-archive vulnerable to Command Injection via exports function High
CVE-2020-28422 was published for git-archive (npm) Jul 26, 2022
deferred-exec Command Injection vulnerability Critical
CVE-2020-28438 was published for deferred-exec (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
ntesseract vulnerable to Command Injection Critical
CVE-2020-28446 was published for ntesseract (npm) Jul 26, 2022
sonar-wrapper Command Injection vulnerability Critical
CVE-2020-28443 was published for sonar-wrapper (npm) Jul 26, 2022
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
ProTip! Advisories are also available from the GraphQL API