GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,709 advisories
Filter by severity
Shell command injection in Apache Syncope
High
CVE-2020-11977
was published
for
org.apache.syncope:syncope
(Maven)
Jun 16, 2021
OS Command Injection in baserCMS
High
CVE-2021-20682
was published
for
baserproject/basercms
(Composer)
Jun 8, 2021
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
trentm/json vulnerable to command injection
High
CVE-2020-7712
was published
for
json
(Maven)
May 6, 2021
OS Command Injection and Improper Input Validation in ansible
High
CVE-2019-14904
was published
for
ansible
(pip)
Apr 20, 2021
OS Command Injection in compile-sass
High
CVE-2019-10799
was published
for
compile-sass
(npm)
Apr 13, 2021
OS Command Injection in serial-number
High
CVE-2019-10804
was published
for
serial-number
(npm)
Apr 13, 2021
OS Command Injection in im-metadata
High
CVE-2019-10788
was published
for
im-metadata
(npm)
Apr 13, 2021
OS Command Injection in im-resize
High
CVE-2019-10787
was published
for
im-resize
(npm)
Apr 13, 2021
Command Injection Vulnerability in systeminformation
High
CVE-2021-21388
was published
for
systeminformation
(npm)
Apr 6, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function
High
CVE-2021-21414
was published
for
@prisma/sdk
(npm)
Apr 6, 2021
Command Injection Vulnerability in Mechanize
High
CVE-2021-21289
was published
for
mechanize
(RubyGems)
Feb 2, 2021
XStream can be used for Remote Code Execution
High
CVE-2020-26217
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 16, 2020
systeminformation command injection vulnerability
High
CVE-2020-7752
was published
for
systeminformation
(npm)
Oct 27, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
Remote code execution in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
ProTip!
Advisories are also available from the
GraphQL API