Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
OS Command Injection in node-opencv Critical
CVE-2019-10061 was published for opencv (npm) Oct 12, 2021
OS Command Injection in ssh2 High
CVE-2020-26301 was published for ssh2 (npm) Sep 21, 2021
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown Critical
GHSA-2c83-wfv3-q25f was published for rebber (npm) Sep 7, 2021
gustavi
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
Arbitrary Command Injection due to Improper Command Sanitization Moderate
GHSA-hxwm-x553-x359 was published for @npmcli/git (npm) Aug 5, 2021
tyage
OS Command Injection in Locutus Critical
CVE-2020-13619 was published for locutus (npm) Jul 26, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
apiconnect-cli-plugins vulnerable to OS Command Injection Critical
CVE-2020-7633 was published for apiconnect-cli-plugins (npm) May 24, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
OS Command Injection in mversion Moderate
CVE-2020-7688 was published for mversion (npm) May 17, 2021
OS Command Injection in wifiscanner Critical
CVE-2020-15362 was published for wifiscanner (npm) May 17, 2021
OS Command Injection in pomelo-monitor Critical
CVE-2020-7620 was published for pomelo-monitor (npm) May 10, 2021
Command injection in get-git-data Critical
CVE-2020-7619 was published for get-git-data (npm) May 10, 2021
OS Command Injection in ng-packagr Moderate
CVE-2020-7735 was published for ng-packagr (npm) May 7, 2021
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
OS Command Injection in gulp-scss-lint Critical
CVE-2020-7601 was published for gulp-scss-lint (npm) May 7, 2021
OS Command Injection in gulp-tape Critical
CVE-2020-7605 was published for gulp-tape (npm) May 7, 2021
OS Command Injection in gulkp-styledocco Critical
CVE-2020-7607 was published for gulp-styledocco (npm) May 7, 2021
OS Command Injection in docker-compose-remote-api Critical
CVE-2020-7606 was published for docker-compose-remote-api (npm) May 7, 2021
Command injection in bestzip Critical
CVE-2020-7730 was published for bestzip (npm) May 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database