Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

136 advisories

Loading
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
OS Command Injection in craftercms:crafter-studio High
CVE-2018-19907 was published for org.craftercms:crafter-studio (Maven) Dec 19, 2018
Command Injection in git-tags-remote High
GHSA-gm9x-q798-hmr4 was published for git-tags-remote (npm) Jul 29, 2020
Command Injection in jison High
CVE-2020-8178 was published for jison (npm) Oct 8, 2020 withdrawn
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
OS Command Injection in Jenkins High
CVE-2017-1000393 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
react-dev-utils on Windows vulnerable to Remote Code Execution High
CVE-2018-6342 was published for react-dev-utils (npm) Jan 4, 2019
OS Command Injection in lifion-verify-deps High
CVE-2021-34078 was published for lifion-verify-deps (npm) Jun 3, 2022
OS Command Injection in gitsome High
CVE-2021-34081 was published for gitsome (npm) Jun 3, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
OS Command Injection in s3-uploader High
CVE-2021-34084 was published for s3-uploader (npm) Jun 3, 2022
OS Command injection in ssl-utils High
CVE-2021-34080 was published for ssl-utils (npm) Jun 3, 2022
OS Command Injection in proctree High
CVE-2021-34082 was published for proctree (npm) Jun 3, 2022
OS command execution vulnerability in Perfecto Plugin High
CVE-2020-2261 was published for io.jenkins.plugins:perfecto (Maven) May 24, 2022
NotMyFault
System command execution vulnerability in Selection tasks Jenkins Plugin High
CVE-2020-2276 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 24, 2022
NotMyFault
OS command injection in CryptoMove Plugin High
CVE-2020-2159 was published for io.jenkins.plugins:cryptomove (Maven) May 24, 2022
NotMyFault
CrafterCMS OS Command Injection vulnerability High
CVE-2022-40635 was published for org.craftercms:craftercms (Maven) Sep 14, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin High
CVE-2020-2200 was published for org.jenkins-ci.plugins:play-autotest-plugin (Maven) May 24, 2022
NotMyFault
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
ballcat-codegen template engine remote code execution injection High
CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) Apr 27, 2022
LuckyT0mat0
Docker Command Escaping in the GitHub Actions Runner High
CVE-2022-39321 was published for actions/runner (GitHub Actions) Oct 25, 2022
OS Command Injection in Nexus Yum Repository Plugin High
CVE-2019-5475 was published for org.sonatype.nexus.plugins:nexus-yum-repository-plugin (Maven) Sep 11, 2019
ProTip! Advisories are also available from the GraphQL API