Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,389 advisories

Loading
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
Remote code execution in better-macro High
CVE-2021-38196 was published for better-macro (Rust) Aug 25, 2021
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
OS command injection in ripgrep Critical
CVE-2021-3013 was published for grep-cli (Rust) Aug 5, 2021
Arbitrary Command Injection due to Improper Command Sanitization Moderate
GHSA-hxwm-x553-x359 was published for @npmcli/git (npm) Aug 5, 2021
tyage
OS Command Injection in OpenTSDB Critical
CVE-2020-35476 was published for net.opentsdb:opentsdb (Maven) Aug 2, 2021
OS Command Injection in Locutus Critical
CVE-2020-13619 was published for locutus (npm) Jul 26, 2021
Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Command Injection in Centreon High
CVE-2020-13252 was published for centreon/centreon (Composer) Jun 22, 2021
Shell command injection in Apache Syncope High
CVE-2020-11977 was published for org.apache.syncope:syncope (Maven) Jun 16, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
OS Command Injection in baserCMS High
CVE-2021-20682 was published for baserproject/basercms (Composer) Jun 8, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
apiconnect-cli-plugins vulnerable to OS Command Injection Critical
CVE-2020-7633 was published for apiconnect-cli-plugins (npm) May 24, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
OS Command Injection in mversion Moderate
CVE-2020-7688 was published for mversion (npm) May 17, 2021
OS Command Injection in wifiscanner Critical
CVE-2020-15362 was published for wifiscanner (npm) May 17, 2021
OS Command Injection in pomelo-monitor Critical
CVE-2020-7620 was published for pomelo-monitor (npm) May 10, 2021
Command injection in get-git-data Critical
CVE-2020-7619 was published for get-git-data (npm) May 10, 2021
OS Command Injection in ng-packagr Moderate
CVE-2020-7735 was published for ng-packagr (npm) May 7, 2021
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
OS Command Injection in gulp-scss-lint Critical
CVE-2020-7601 was published for gulp-scss-lint (npm) May 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database