GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
153 advisories
OS Command Injection in strong-nginx-controller
Critical. CVE-2020-7621 was published for strong-nginx-controller (npm) Feb 10, 2022

OS Command Injection and Command Injection in kill-port-process
High. CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022

OS Command Injection in systeminformation
High. CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022

push-dir Enables OS Command Injection
Critical. CVE-2019-10803 was published for push-dir (npm) Feb 9, 2022

OS Command Injection in diskusage-ng
Critical. CVE-2020-7631 was published for diskusage-ng (npm) Jan 7, 2022

OS Command Injection in node-mpv
Critical. CVE-2020-7632 was published for node-mpv (npm) Jan 7, 2022

Command injection in github-todos
Critical. CVE-2021-44684 was published for github-todos (npm) Dec 10, 2021

OS Command Injection in pixl-class
High. CVE-2020-7640 was published for pixl-class (npm) Dec 10, 2021

OS Command Injection in adb-driver
Critical. CVE-2020-7636 was published for adb-driver (npm) Dec 9, 2021

OS Command Injection in heroku-addonpool
Critical. CVE-2020-7634 was published for heroku-addonpool (npm) Dec 9, 2021

Command injection in git-it-electron
Critical. CVE-2021-44685 was published for git-it-electron (npm) Dec 8, 2021

OS Command injection in docker-cli-js
Moderate. CVE-2021-23732 was published for docker-cli-js (npm) Dec 2, 2021 • withdrawn

Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021

Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021

Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021

Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021

Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021

Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021

OS Command Injection in node-opencv
Critical. CVE-2019-10061 was published for opencv (npm) Oct 12, 2021

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Critical. GHSA-2c83-wfv3-q25f was published for rebber (npm) Sep 7, 2021

Command injection in @diez/generation
Low. CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021

Arbitrary Command Injection due to Improper Command Sanitization
Moderate. GHSA-hxwm-x553-x359 was published for @npmcli/git (npm) Aug 5, 2021

ProTip! Advisories are also available from the GraphQL API