Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,859 advisories

OS Command Injection in giting Critical
CVE-2019-10802 was published for giting (npm) Apr 13, 2021
KateCatlin
OS Command Injection in serial-number High
CVE-2019-10804 was published for serial-number (npm) Apr 13, 2021
OS Command Injection in enpeem High
CVE-2019-10801 was published for enpeem (npm) Apr 13, 2021
Command injection in corenlp-js-prefab Critical
CVE-2020-28439 was published for corenlp-js-prefab (npm) Apr 13, 2021
OS Command Injection in compile-sass High
CVE-2019-10799 was published for compile-sass (npm) Apr 13, 2021
OS Command Injection in rpi Moderate
CVE-2019-10796 was published for rpi (npm) Apr 13, 2021
OS Command Injection in curling High
CVE-2019-10789 was published for curling (npm) Apr 13, 2021
OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
trentm/json vulnerable to command injection High
CVE-2020-7712 was published for json (Maven) May 6, 2021
Command injection in bestzip Critical
CVE-2020-7730 was published for bestzip (npm) May 6, 2021
OS Command injection in Bolt Moderate
CVE-2020-28925 was published for bolt/bolt (Composer) May 6, 2021
OS Command Injection in docker-compose-remote-api Critical
CVE-2020-7606 was published for docker-compose-remote-api (npm) May 7, 2021
OS Command Injection in gulkp-styledocco Critical
CVE-2020-7607 was published for gulp-styledocco (npm) May 7, 2021
OS Command Injection in gulp-tape Critical
CVE-2020-7605 was published for gulp-tape (npm) May 7, 2021
OS Command Injection in gulp-scss-lint Critical
CVE-2020-7601 was published for gulp-scss-lint (npm) May 7, 2021
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
OS Command Injection in ng-packagr Moderate
CVE-2020-7735 was published for ng-packagr (npm) May 7, 2021
Command injection in get-git-data Critical
CVE-2020-7619 was published for get-git-data (npm) May 10, 2021
OS Command Injection in pomelo-monitor Critical
CVE-2020-7620 was published for pomelo-monitor (npm) May 10, 2021
OS Command Injection in wifiscanner Critical
CVE-2020-15362 was published for wifiscanner (npm) May 17, 2021
OS Command Injection in mversion Moderate
CVE-2020-7688 was published for mversion (npm) May 17, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
apiconnect-cli-plugins vulnerable to OS Command Injection Critical
CVE-2020-7633 was published for apiconnect-cli-plugins (npm) May 24, 2021
ProTip! Advisories are also available from the GraphQL API