GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

143 advisories

Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ High
CVE-2014-3576 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
OS Command Injection in Jenkins High
CVE-2017-1000393 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
fs-git command injection vulnerability High
CVE-2017-1000451 was published for fs-git (npm) May 13, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection High
CVE-2009-0258 was published for typo3/cms (Composer) May 2, 2022
ballcat-codegen template engine remote code execution injection High
CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) Apr 27, 2022
LuckyT0mat0
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
Code injection in Stripe CLI on windows High
CVE-2022-24753 was published for github.com/stripe/stripe-cli (Go) Mar 10, 2022
OS Command injection in Apache Airflow High
CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection High
CVE-2022-25175 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
daniel-beck
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
OS Command Injection in Microweber High
CVE-2022-0557 was published for microweber/microweber (Composer) Feb 12, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
OS Command Injection in systeminformation High
CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022
OS Command Injection in ansible High
CVE-2020-1734 was published for ansible (pip) Feb 9, 2022
OS command execution vulnerability in Jenkins Docker Commons Plugin High
CVE-2022-20617 was published for org.jenkins-ci.plugins:docker-commons (Maven) Jan 13, 2022
westonsteimel
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
OS Command Injection in Laravel Framework High
CVE-2020-19316 was published for laravel/framework (Composer) Jan 6, 2022
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
OS Command Injection in pixl-class High
CVE-2020-7640 was published for pixl-class (npm) Dec 10, 2021
OS Command Injection in Strapi High
CVE-2019-19609 was published for strapi (npm) Dec 10, 2021
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
OS Command Injection in ssh2 High
CVE-2020-26301 was published for ssh2 (npm) Sep 21, 2021
OS Command Injection in Centreon High
CVE-2020-22345 was published for centreon/centreon (Composer) Sep 2, 2021