Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,859 advisories

Command Injection Vulnerability in systeminformation Moderate
CVE-2020-26274 was published for systeminformation (npm) Dec 16, 2020
Command injection in connection-tester Critical
CVE-2020-7781 was published for connection-tester (npm) Dec 17, 2020
Command Injection in corenlp-js-interface Critical
CVE-2020-28440 was published for corenlp-js-interface (npm) Dec 18, 2020
OS Command Injection in node-notifier Moderate
CVE-2020-7789 was published for node-notifier (npm) Dec 21, 2020
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling Moderate
CVE-2020-26259 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
OS Command Injection in async-git Critical
CVE-2021-3190 was published for async-git (npm) Jan 29, 2021
Command Injection Vulnerability in Mechanize High
CVE-2021-21289 was published for mechanize (RubyGems) Feb 2, 2021
kyoshidajp
Command injection in total.js High
CVE-2020-28494 was published for total.js (npm) Feb 5, 2021
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Command Injection Vulnerability Moderate
CVE-2021-21315 was published for systeminformation (npm) Feb 16, 2021
react-dev-utils OS Command Injection in function `getProcessForPort` Moderate
CVE-2021-24033 was published for react-dev-utils (npm) Mar 11, 2021
Command injection in node-ps Critical
CVE-2020-7785 was published for node-ps (npm) Mar 19, 2021
XStream is vulnerable to a Remote Command Execution attack Moderate
CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values Moderate
CVE-2021-21412 was published for @thi.ng/egf (npm) Apr 6, 2021
erik-krogh
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
Command injection vulnerability in @prisma/sdk in getPackedPackage function High
CVE-2021-21414 was published for @prisma/sdk (npm) Apr 6, 2021
erik-krogh
Command Injection Vulnerability in systeminformation High
CVE-2021-21388 was published for systeminformation (npm) Apr 6, 2021
Command Injection in async-git Critical
CVE-2020-28490 was published for async-git (npm) Apr 12, 2021
Improper neutralization of arguments in freediskspace Critical
CVE-2020-7775 was published for freediskspace (npm) Apr 13, 2021
OS Command Injection in im-resize High
CVE-2019-10787 was published for im-resize (npm) Apr 13, 2021
OS Command Injection in im-metadata High
CVE-2019-10788 was published for im-metadata (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
OS Command Injection in lsof High
CVE-2019-10783 was published for lsof (npm) Apr 13, 2021
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
ProTip! Advisories are also available from the GraphQL API