Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

88 advisories

openssl npm package vulnerable to command execution Critical
CVE-2023-49210 was published for openssl (npm) Nov 23, 2023
systeminformation SSID Command Injection Vulnerability Critical
CVE-2023-42810 was published for systeminformation (npm) Sep 21, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
git-commit-info vulnerable to Command Injection Critical
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
stoqey/gnuplot is vulnerable to command injection Critical
CVE-2021-33360 was published for @stoqey/gnuplot (npm) Mar 10, 2023
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
Versionn Command Injection Vulnerability Critical
CVE-2023-25805 was published for versionn (npm) Feb 22, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
Font-Converter Vulnerable to Arbitrary Command Injection Critical
CVE-2022-21165 was published for font-converter (npm) Aug 29, 2022
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization Critical
CVE-2022-21186 was published for @acrontum/filesystem-template (npm) Aug 6, 2022
curljs Command Injection vulnerability Critical
CVE-2020-28425 was published for curljs (npm) Aug 3, 2022
gitblame susceptible to command injection Critical
CVE-2020-28434 was published for gitblame (npm) Aug 3, 2022
get-npm-package-version Command Injection vulnerability Critical
CVE-2020-7795 was published for get-npm-package-version (npm) Aug 3, 2022
heroku-env susceptible to command injection Critical
CVE-2020-28437 was published for heroku-env (npm) Aug 3, 2022
image-tiler susceptible to command injection Critical
CVE-2020-28451 was published for image-tiler (npm) Aug 3, 2022
node-latex-pdf is susceptible to command injection Critical
CVE-2020-28433 was published for node-latex-pdf (npm) Aug 3, 2022
npos-tesseract Command Injection vulnerability Critical
CVE-2020-28453 was published for npos-tesseract (npm) Aug 3, 2022
ProTip! Advisories are also available from the GraphQL API