Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

338 advisories

Loading
Command Injection in Kylin Critical
CVE-2020-13925 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Command injection in codecov (npm package) Moderate
CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
Command Injection in umount Critical
CVE-2020-7628 was published for umount (npm) Jun 10, 2020
curlrequest allows execution of arbitrary commands Critical
CVE-2020-7646 was published for curlrequest (npm) May 13, 2020
Command Injection in npm-programmatic Critical
CVE-2020-7614 was published for npm-programmatic (npm) Apr 23, 2020
OS Command Injection in devcert-sanscache Critical
CVE-2019-10778 was published for devcert-sanscache (npm) Apr 14, 2020
OS Command Injection in Rake Moderate
CVE-2020-8130 was published for rake (RubyGems) Feb 28, 2020
Reflected XSS in SilverStripe Moderate
CVE-2019-19325 was published for silverstripe/framework (Composer) Feb 24, 2020
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Yarn Improper link resolution before file access (Link Following) High
CVE-2019-10773 was published for yarn (npm) Feb 14, 2020
BibTeX-Ruby vulnerable to OS command injection Critical
CVE-2019-10780 was published for bibtex-ruby (RubyGems) Feb 14, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
Remote Code Execution Vulnerability in NPM mongo-express Critical
CVE-2019-10758 was published for mongo-express (npm) Dec 30, 2019
JLLeitschuh
Command Injection in gitlabhook Critical
CVE-2019-5485 was published for gitlabhook (npm) Sep 16, 2019
OS Command Injection in Nexus Yum Repository Plugin High
CVE-2019-5475 was published for org.sonatype.nexus.plugins:nexus-yum-repository-plugin (Maven) Sep 11, 2019
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
OS Command Injection in MiniMagick High
CVE-2019-13574 was published for mini_magick (RubyGems) Jul 18, 2019
Command Injection in Xstream Critical
CVE-2013-7285 was published for com.thoughtworks.xstream:xstream (Maven) May 29, 2019
mmabdpr MarkLee131
Apache Tomcat OS Command Injection vulnerability High
CVE-2019-0232 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 18, 2019
Potential Command Injection in shell-quote Critical
CVE-2016-10541 was published for shell-quote (npm) Feb 18, 2019
react-dev-utils on Windows vulnerable to Remote Code Execution High
CVE-2018-6342 was published for react-dev-utils (npm) Jan 4, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database