GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
136 advisories
Filter by severity
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Electron protocol handler browser vulnerable to Command Injection
High
CVE-2018-1000118
was published
for
electron
(npm)
Mar 26, 2018
Remote Code Execution in electron
High
CVE-2018-1000006
was published
for
electron
(npm)
Jan 23, 2018
OS Command Injection in craftercms:crafter-studio
High
CVE-2018-19907
was published
for
org.craftercms:crafter-studio
(Maven)
Dec 19, 2018
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
OS Command Injection in Jenkins
High
CVE-2017-1000393
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
react-dev-utils on Windows vulnerable to Remote Code Execution
High
CVE-2018-6342
was published
for
react-dev-utils
(npm)
Jan 4, 2019
OS Command Injection in lifion-verify-deps
High
CVE-2021-34078
was published
for
lifion-verify-deps
(npm)
Jun 3, 2022
OS Command Injection in s3-uploader
High
CVE-2021-34084
was published
for
s3-uploader
(npm)
Jun 3, 2022
OS command execution vulnerability in Perfecto Plugin
High
CVE-2020-2261
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
System command execution vulnerability in Selection tasks Jenkins Plugin
High
CVE-2020-2276
was published
for
org.jvnet.hudson.plugins:selection-tasks-plugin
(Maven)
May 24, 2022
OS command injection in CryptoMove Plugin
High
CVE-2020-2159
was published
for
io.jenkins.plugins:cryptomove
(Maven)
May 24, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin
High
CVE-2020-2200
was published
for
org.jenkins-ci.plugins:play-autotest-plugin
(Maven)
May 24, 2022
Command injection in mail agent settings
High
CVE-2021-37708
was published
for
shopware/core
(Composer)
Aug 30, 2021
ballcat-codegen template engine remote code execution injection
High
CVE-2022-24881
was published
for
com.hccake:ballcat-codegen
(Maven)
Apr 27, 2022
Docker Command Escaping in the GitHub Actions Runner
High
CVE-2022-39321
was published
for
actions/runner
(GitHub Actions)
Oct 25, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
OS Command Injection in Nexus Yum Repository Plugin
High
CVE-2019-5475
was published
for
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
(Maven)
Sep 11, 2019
ProTip!
Advisories are also available from the
GraphQL API