Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

155 advisories

dns-sync command injection vulnerability Critical
CVE-2014-9682 was published for dns-sync (npm) Oct 24, 2017
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Potential Command Injection in printer Critical
CVE-2014-3741 was published for printer (npm) Nov 28, 2017
Command Injection in pdfinfojs Critical
CVE-2018-3746 was published for pdfinfojs (npm) Jun 7, 2018
Command Injection in whereis Critical
CVE-2018-3772 was published for whereis (npm) Jul 31, 2018
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
ps Enables OS Command Injection Critical
CVE-2018-16460 was published for ps (npm) Sep 17, 2018
Command Injection in apex-publish-static-files Critical
CVE-2018-16462 was published for apex-publish-static-files (npm) Nov 1, 2018
Command Injection in libnmap Moderate
CVE-2018-16461 was published for libnmap (npm) Nov 1, 2018
Critical severity vulnerability that affects Haraka Critical
CVE-2016-1000282 was published for Haraka (npm) Feb 12, 2019
Command Injection in kill-port High
CVE-2019-5414 was published for kill-port (npm) Mar 25, 2019
Command Injection in fs-git High
CVE-2017-16087 was published for fs-git (npm) May 29, 2019
Command Injection in command-exists Critical
GHSA-cff4-rrq6-h78w was published for command-exists (npm) Jun 3, 2019
tdunlap607
Command Injection in opencv Low
GHSA-f698-m2v9-5fh3 was published for opencv (npm) Jun 4, 2019
Command Injection in dot Moderate
GHSA-4859-gpc7-4j66 was published for dot (npm) Jun 5, 2019
Rate Limiting Bypass in express-brute Moderate
GHSA-984p-xq9m-4rjw was published for express-brute (npm) Jun 7, 2019
Command Injection in fs-path High
GHSA-gc94-6w89-hpqr was published for fs-path (npm) Jun 12, 2019
Mooninaut
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Command injection in mversion High
CVE-2020-4059 was published for mversion (npm) Jun 18, 2020
Command Injection in standard-version Moderate
GHSA-7xcx-6wjh-7xp2 was published for standard-version (npm) Jul 13, 2020
Unauthenticated Remote Command Injection in ep_imageconvert High
CVE-2013-3364 was published for ep_imageconvert (npm) Aug 31, 2020
Command Injection in ungit Critical
CVE-2015-4130 was published for ungit (npm) Aug 31, 2020
Command Injection in gm Critical
CVE-2015-7982 was published for gm (npm) Sep 1, 2020
Command Injection in pidusage Critical
CVE-2017-16034 was published for pidusage (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API