GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
317 advisories
Filter by severity
Improper Neutralization of Special Elements used in an OS Command in Blamer
Critical
CVE-2019-10807
was published
for
blamer
(npm)
May 24, 2022
OS command injection in CryptoMove Plugin
High
CVE-2020-2159
was published
for
io.jenkins.plugins:cryptomove
(Maven)
May 24, 2022
Froxlor arbitrary code execution via the database configuration options
High
CVE-2020-10235
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
promise-probe OS command injection vulnerability
Critical
CVE-2019-10791
was published
for
promise-probe
(npm)
May 24, 2022
php-shellcommand command injection vulnerability
Critical
CVE-2019-10774
was published
for
mikehaertl/php-shellcommand
(Composer)
May 24, 2022
Treekill Enables OS Command Injection
Critical
CVE-2019-15598
was published
for
tree-kill
(npm)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-8159
was published
for
magento/community-edition
(Composer)
May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
High
CVE-2019-10392
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 24, 2022
LibreNMS arbitrary OS commands execution
Critical
CVE-2018-20434
was published
for
librenms/librenms
(Composer)
May 24, 2022
Electron vulnerable to remote command execution
High
CVE-2017-12581
was published
for
electron
(npm)
May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection
High
CVE-2013-1933
was published
for
karteek-docsplit
(RubyGems)
May 17, 2022
Arbitrary shell command execution in Jenkins EC2 Plugin
High
CVE-2017-1000502
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 14, 2022
OS Command Injection in baserCMS
High
CVE-2018-0569
was published
for
baserproject/basercms
(Composer)
May 14, 2022
Apache James Server OS Command Injection
High
CVE-2015-7611
was published
for
org.apache.james:james-server
(Maven)
May 14, 2022
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
High
CVE-2014-3576
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
OS Command Injection in Jenkins
High
CVE-2017-1000393
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
OpenTSDB vulnerable to OS Command Injection
Critical
CVE-2018-12972
was published
for
net.opentsdb:opentsdb
(Maven)
May 13, 2022
Codiad Vulnerable to Shell Command Injection
Critical
CVE-2017-11366
was published
for
codiad/codiad
(Composer)
May 13, 2022
fs-git command injection vulnerability
High
CVE-2017-1000451
was published
for
fs-git
(npm)
May 13, 2022
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API