GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Command Injection in cocos-utils
High
GHSA-rffp-mc78-wjf7
was published
for
cocos-utils
(npm)
Sep 2, 2020
Command Injection in bestzip
Critical
GHSA-4qqc-mp5f-ccv4
was published
for
bestzip
(npm)
Sep 2, 2020
Command Injection in samsung-remote
Critical
GHSA-xhjx-mfr6-9rr4
was published
for
samsung-remote
(npm)
Sep 1, 2020
Command Injection in ascii-art
Low
GHSA-9hqj-38j2-5jgm
was published
for
ascii-art
(npm)
Sep 1, 2020
Unauthenticated Remote Command Injection in ep_imageconvert
High
CVE-2013-3364
was published
for
ep_imageconvert
(npm)
Aug 31, 2020
Command Injection in standard-version
Moderate
GHSA-7xcx-6wjh-7xp2
was published
for
standard-version
(npm)
Jul 13, 2020
Command injection in node-dns-sync
High
CVE-2020-11079
was published
for
dns-sync
(npm)
May 28, 2020
Rate Limiting Bypass in express-brute
Moderate
GHSA-984p-xq9m-4rjw
was published
for
express-brute
(npm)
Jun 7, 2019
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
Critical severity vulnerability that affects Haraka
Critical
CVE-2016-1000282
was published
for
Haraka
(npm)
Feb 12, 2019
Command Injection in apex-publish-static-files
Critical
CVE-2018-16462
was published
for
apex-publish-static-files
(npm)
Nov 1, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
ProTip!
Advisories are also available from the
GraphQL API