Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,709 advisories

codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
OS Command Injection in craftercms:crafter-studio High
CVE-2018-19907 was published for org.craftercms:crafter-studio (Maven) Dec 19, 2018
Command Injection in git-tags-remote High
GHSA-gm9x-q798-hmr4 was published for git-tags-remote (npm) Jul 29, 2020
Command Injection in Kylin High
CVE-2020-1956 was published for org.apache.kylin:kylin-core-common (Maven) Jul 27, 2020
Command Injection in jison High
CVE-2020-8178 was published for jison (npm) Oct 8, 2020 withdrawn
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0... High Unreviewed
CVE-2020-12109 was published May 24, 2022
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject... High Unreviewed
CVE-2022-42290 was published Jan 13, 2023
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject... High Unreviewed
CVE-2022-42279 was published Jan 13, 2023
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to... High Unreviewed
CVE-2020-15920 was published May 24, 2022
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version... High Unreviewed
CVE-2023-22598 was published Jan 13, 2023
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the... High Unreviewed
CVE-2020-17505 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15420 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15426 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15613 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15610 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15432 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15433 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15424 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15423 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15427 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15434 was published May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2020-15431 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API