GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
317 advisories
Filter by severity
OS Command Injection in lifion-verify-deps
High
CVE-2021-34078
was published
for
lifion-verify-deps
(npm)
Jun 3, 2022
OS Command Injection in gogs
Critical
CVE-2021-32546
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
sharp vulnerable to Command Injection in post-installation over build environment
Moderate
CVE-2022-29256
was published
for
sharp
(npm)
Jun 1, 2022
Apache Superset OS Command Injection
High
CVE-2020-13948
was published
for
apache-superset
(pip)
May 24, 2022
SaltStack Salt command injection via a crafted process name
High
CVE-2020-28243
was published
for
salt
(pip)
May 24, 2022
Magento OS Command Injection
Critical
CVE-2021-21018
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento OS command injection via the customer attribute save controller
High
CVE-2021-21015
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento OS command injection via the WebAPI
Critical
CVE-2021-21016
was published
for
magento/community-edition
(Composer)
May 24, 2022
Zen Cart vulnerable to authenticated remote code execution
High
CVE-2021-3291
was published
for
zencart/zencart
(Composer)
May 24, 2022
ClusterLabs crmsh vulnerable to shell code injection
High
CVE-2020-35459
was published
for
crmsh
(pip)
May 24, 2022
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
System command execution vulnerability in Selection tasks Jenkins Plugin
High
CVE-2020-2276
was published
for
org.jvnet.hudson.plugins:selection-tasks-plugin
(Maven)
May 24, 2022
OS command execution vulnerability in Perfecto Plugin
High
CVE-2020-2261
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9582
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9583
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9578
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9576
was published
for
magento/community-edition
(Composer)
May 24, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin
High
CVE-2020-2200
was published
for
org.jenkins-ci.plugins:play-autotest-plugin
(Maven)
May 24, 2022
chrome-launcher subject to OS Command Injection
Critical
CVE-2020-7645
was published
for
chrome-launcher
(npm)
May 24, 2022
Clamscan vulnerable to command injection
High
CVE-2020-7613
was published
for
clamscan
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API