GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
153 advisories
sharp vulnerable to Command Injection in post-installation over build environment
Moderate • CVE-2022-29256 was published for sharp (npm) • Jun 1, 2022
chrome-launcher subject to OS Command Injection
Critical • CVE-2020-7645 was published for chrome-launcher (npm) • May 24, 2022
Clamscan vulnerable to command injection
High • CVE-2020-7613 was published for clamscan (npm) • May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Blamer
Critical • CVE-2019-10807 was published for blamer (npm) • May 24, 2022
promise-probe OS command injection vulnerability
Critical • CVE-2019-10791 was published for promise-probe (npm) • May 24, 2022
Treekill Enables OS Command Injection
Critical • CVE-2019-15598 was published for tree-kill (npm) • May 24, 2022
Electron vulnerable to remote command execution
High • CVE-2017-12581 was published for electron (npm) • May 17, 2022
fs-git command injection vulnerability
High • CVE-2017-1000451 was published for fs-git (npm) • May 13, 2022
PIDUsage Enables OS Command Injection
Critical • CVE-2017-1000220 was published for pidusage (npm) • May 13, 2022
OS Command Injection in git-pull-or-clone
Critical • CVE-2022-24437 was published for git-pull-or-clone (npm) • May 3, 2022
Command injection in git-interface
Critical • CVE-2022-1440 was published for git-interface (npm) • Apr 23, 2022
OS Command Injection in GenieACS
Critical • CVE-2021-46704 was published for genieacs (npm) • Mar 7, 2022
OS Command injection in npm-lockfile
Critical • CVE-2022-0841 was published for npm-lockfile (npm) • Mar 4, 2022
Exposure of home directory through shescape on Unix with Bash
Moderate • CVE-2022-24725 was published for shescape (npm) • Mar 3, 2022
OS Command Injection in install-package
Critical • CVE-2020-7629 was published for install-package (npm) • Feb 10, 2022
OS Command Injection in git-add-remote
Critical • CVE-2020-7630 was published for git-add-remote (npm) • Feb 10, 2022
OS Command Injection in node-key-sender
Critical • CVE-2020-7627 was published for node-key-sender (npm) • Feb 10, 2022
Withdrawn Advisory: OS Command Injection in effect
Critical • CVE-2020-7624 was published for effect (npm) • Feb 10, 2022 • withdrawn
karma-mojo enables OS Command Injection
Critical • CVE-2020-7626 was published for karma-mojo (npm) • Feb 10, 2022
Code injection in @rkesters/gnuplot
Critical • CVE-2021-29369 was published for @rkesters/gnuplot (npm) • Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API