Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

40 advisories

abacus-ext-cmdline vulnerable to Command Injection High
CVE-2022-24431 was published for abacus-ext-cmdline (npm) Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25171 was published for p4 (npm) Dec 20, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol High
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
Snyk CLI affected by Command Injection vulnerability High
CVE-2022-40764 was published for snyk (npm) Oct 4, 2022
OS Command Injection in s3-uploader High
CVE-2021-34084 was published for s3-uploader (npm) Jun 3, 2022
OS Command Injection in proctree High
CVE-2021-34082 was published for proctree (npm) Jun 3, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
OS Command injection in ssl-utils High
CVE-2021-34080 was published for ssl-utils (npm) Jun 3, 2022
OS Command Injection in lifion-verify-deps High
CVE-2021-34078 was published for lifion-verify-deps (npm) Jun 3, 2022
OS Command Injection in gitsome High
CVE-2021-34081 was published for gitsome (npm) Jun 3, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
Electron vulnerable to remote command execution High
CVE-2017-12581 was published for electron (npm) May 17, 2022
fs-git command injection vulnerability High
CVE-2017-1000451 was published for fs-git (npm) May 13, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
OS Command Injection in systeminformation High
CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022
OS Command Injection in pixl-class High
CVE-2020-7640 was published for pixl-class (npm) Dec 10, 2021
OS Command Injection in Strapi High
CVE-2019-19609 was published for strapi (npm) Dec 10, 2021
OS Command Injection in ssh2 High
CVE-2020-26301 was published for ssh2 (npm) Sep 21, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
trentm/json vulnerable to command injection High
CVE-2020-7712 was published for json (Maven) May 6, 2021
OS Command Injection in curling High
CVE-2019-10789 was published for curling (npm) Apr 13, 2021
OS Command Injection in compile-sass High
CVE-2019-10799 was published for compile-sass (npm) Apr 13, 2021
OS Command Injection in enpeem High
CVE-2019-10801 was published for enpeem (npm) Apr 13, 2021
OS Command Injection in serial-number High
CVE-2019-10804 was published for serial-number (npm) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API