GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
136 advisories
Filter by severity
Remote Code Execution in electron
High
CVE-2018-1000006
was published
for
electron
(npm)
Jan 23, 2018
Electron protocol handler browser vulnerable to Command Injection
High
CVE-2018-1000118
was published
for
electron
(npm)
Mar 26, 2018
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
OS Command Injection in craftercms:crafter-studio
High
CVE-2018-19907
was published
for
org.craftercms:crafter-studio
(Maven)
Dec 19, 2018
react-dev-utils on Windows vulnerable to Remote Code Execution
High
CVE-2018-6342
was published
for
react-dev-utils
(npm)
Jan 4, 2019
Apache Tomcat OS Command Injection vulnerability
High
CVE-2019-0232
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 18, 2019
OS Command Injection in MiniMagick
High
CVE-2019-13574
was published
for
mini_magick
(RubyGems)
Jul 18, 2019
OS Command Injection in Nexus Yum Repository Plugin
High
CVE-2019-5475
was published
for
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
(Maven)
Sep 11, 2019
Yarn Improper link resolution before file access (Link Following)
High
CVE-2019-10773
was published
for
yarn
(npm)
Feb 14, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Remote code execution (RCE) in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
systeminformation command injection vulnerability
High
CVE-2020-7752
was published
for
systeminformation
(npm)
Oct 27, 2020
XStream can be used for Remote Code Execution
High
CVE-2020-26217
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 16, 2020
Command Injection Vulnerability in Mechanize
High
CVE-2021-21289
was published
for
mechanize
(RubyGems)
Feb 2, 2021
Command Injection Vulnerability
High
CVE-2021-21315
was published
for
systeminformation
(npm)
Feb 16, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function
High
CVE-2021-21414
was published
for
@prisma/sdk
(npm)
Apr 6, 2021
Command Injection Vulnerability in systeminformation
High
CVE-2021-21388
was published
for
systeminformation
(npm)
Apr 6, 2021
OS Command Injection in im-resize
High
CVE-2019-10787
was published
for
im-resize
(npm)
Apr 13, 2021
OS Command Injection in im-metadata
High
CVE-2019-10788
was published
for
im-metadata
(npm)
Apr 13, 2021
ProTip!
Advisories are also available from the
GraphQL API