GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (count by ecosystem):
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories:
All unreviewed: 5,000+
301 advisories
WWBN AVideo command injection vulnerability (High): CVE-2023-32073 was published for wwbn/avideo (Composer) on May 12, 2023.
Apache Spark UI vulnerable to Command Injection (High): CVE-2023-32007 was published for org.apache.spark:spark-parent_2.12 (Maven) on May 2, 2023.
Arbitrary command injection in embano1/wip (High): CVE-2023-30623 was published for embano1/wip (GitHub Actions) on Apr 24, 2023.
Remote code execution in broccoli-compass (Critical): CVE-2023-27848 was published for broccoli-compass (npm) on Apr 24, 2023.
Remote code execution in dawnsparks-node-tesseract (Critical): CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) on Apr 24, 2023.
Snowflake JDBC vulnerable to command injection via SSO URL authentication (High): CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) on Apr 14, 2023.
Microweber vulnerable to command injection (Moderate): CVE-2023-1877 was published for microweber/microweber (Composer) on Apr 5, 2023.
Jenkins Convert To Pipeline Plugin vulnerable to command injection (High): CVE-2023-28677 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) on Apr 2, 2023.
Apache UIMA DUCC allows remote code execution (High): CVE-2023-28935 was published for org.apache.uima:uima-ducc-parent (Maven) on Mar 30, 2023.
github-slug-action vulnerable to arbitrary code execution (High): CVE-2023-27581 was published for rlespinasse/github-slug-action (GitHub Actions) on Mar 13, 2023.
stoqey/gnuplot is vulnerable to command injection (Critical): CVE-2021-33360 was published for @stoqey/gnuplot (npm) on Mar 10, 2023.
json-logic-js Command Injection vulnerability (Critical): CVE-2021-4329 was published for json-logic-js (npm) on Mar 5, 2023.
Imperative CLI vulnerable to Command Injection (Low): CVE-2021-4326 was published for @zowe/imperative (npm) on Mar 1, 2023.
Versionn Command Injection Vulnerability (Critical): CVE-2023-25805 was published for versionn (npm) on Feb 22, 2023.
Command Injection in thorsten/phpmyfaq (Critical): CVE-2023-0789 was published for thorsten/phpmyfaq (Composer) on Feb 12, 2023.
create-choo-app3 is vulnerable to Command Injection via the devInstall function (High): CVE-2022-25855 was published for create-choo-app3 (npm) on Feb 6, 2023.
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function (High): CVE-2022-25853 was published for semver-tags (npm) on Feb 6, 2023.
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization (High): CVE-2022-25916 was published for mt7688-wiscan (npm) on Feb 1, 2023.
nemo-appium vulnerable to OS Command Injection (Critical): CVE-2022-21129 was published for nemo-appium (npm) on Jan 31, 2023.
DataFlow upload remote code execution vulnerability (High): CVE-2021-41231 was published for openmage/magento-lts (Composer) on Jan 27, 2023.
Fix for authenticated remote code execution through layout update (High): CVE-2021-41144 was published for openmage/magento-lts (Composer) on Jan 27, 2023.
Fix for arbitrary file deletion in customer media allows for remote code execution (High): CVE-2021-41143 was published for openmage/magento-lts (Composer) on Jan 27, 2023.
Fix for arbitrary command execution in custom layout update through blocks (High): CVE-2021-39217 was published for openmage/magento-lts (Composer) on Jan 27, 2023.
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution (Critical): CVE-2013-2513 was published for flash_tool (RubyGems) on Jan 26, 2023.
Advisories are also available from the GraphQL API.