GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,828
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,480
NuGet
605
pip
3,023
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,859 advisories
Filter by severity
Yarn Improper link resolution before file access (Link Following)
High
CVE-2019-10773
was published
for
yarn
(npm)
Feb 14, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Reflected XSS in SilverStripe
Moderate
CVE-2019-19325
was published
for
silverstripe/framework
(Composer)
Feb 24, 2020
OS Command Injection in devcert-sanscache
Critical
CVE-2019-10778
was published
for
devcert-sanscache
(npm)
Apr 14, 2020
Command Injection in npm-programmatic
Critical
CVE-2020-7614
was published
for
npm-programmatic
(npm)
Apr 23, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
Command injection in codecov (npm package)
Moderate
CVE-2020-15123
was published
for
codecov
(npm)
Jul 20, 2020
Remote code execution in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Command Execution in windows-cpu
Critical
CVE-2017-1000219
was published
for
windows-cpu
(npm)
Sep 1, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Arbitrary Code Execution in require-node
Critical
GHSA-8j6j-4h2c-c65p
was published
for
require-node
(npm)
Sep 3, 2020
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
systeminformation command injection vulnerability
High
CVE-2020-7752
was published
for
systeminformation
(npm)
Oct 27, 2020
Command Injection in systeminformation
Moderate
CVE-2020-26300
was published
for
systeminformation
(npm)
Oct 27, 2020
XStream can be used for Remote Code Execution
High
CVE-2020-26217
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 16, 2020
Prototype Pollution in systeminformation
Moderate
CVE-2020-26245
was published
for
systeminformation
(npm)
Nov 27, 2020
ProTip!
Advisories are also available from the
GraphQL API