Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,987
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,998 advisories

Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build Low
GHSA-jcgr-9698-82jx was published for @floffah/build (npm) May 28, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
Command Injection in geojson2kml Critical
CVE-2020-28429 was published for geojson2kml (npm) May 10, 2021
Command Injection in ps-visitor Critical
CVE-2021-23374 was published for ps-visitor (npm) May 7, 2021
Command Injection in onion-oled-js Critical
CVE-2021-23377 was published for onion-oled-js (npm) May 7, 2021
Command Injection in picotts Critical
CVE-2021-23378 was published for picotts (npm) May 7, 2021
Code injection in mock2easy Critical
CVE-2020-7697 was published for mock2easy (npm) May 6, 2021
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Arbitrary command execution in roar-pidusage Moderate
CVE-2021-23380 was published for roar-pidusage (npm) May 6, 2021
Command Injection in ffmpegdotjs Critical
CVE-2021-23376 was published for ffmpegdotjs (npm) May 6, 2021
Command Injection in killing High
CVE-2021-23381 was published for killing (npm) May 6, 2021
Command injection in portkiller High
CVE-2021-23379 was published for portkiller (npm) May 6, 2021
Command Injection in psnode High
CVE-2021-23375 was published for psnode (npm) May 6, 2021
Arbitrary code execution in kill-by-port Moderate
CVE-2021-23363 was published for kill-by-port (npm) Apr 13, 2021
Code injection in port-killer High
CVE-2021-23359 was published for port-killer (npm) Apr 13, 2021
Command injection in launchpad Critical
CVE-2021-23330 was published for launchpad (npm) Apr 13, 2021
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Command Injection in killport High
CVE-2021-23360 was published for killport (npm) Apr 13, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command Injection Vulnerability in systeminformation High
CVE-2021-21388 was published for systeminformation (npm) Apr 6, 2021
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
ProTip! Advisories are also available from the GraphQL API