Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,199
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

317 advisories

Loading
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability Critical
CVE-2020-28436 was published for google-cloudstorage-commands (npm) Jul 26, 2022
git-archive vulnerable to Command Injection via exports function High
CVE-2020-28422 was published for git-archive (npm) Jul 26, 2022
deferred-exec Command Injection vulnerability Critical
CVE-2020-28438 was published for deferred-exec (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
ntesseract vulnerable to Command Injection Critical
CVE-2020-28446 was published for ntesseract (npm) Jul 26, 2022
sonar-wrapper Command Injection vulnerability Critical
CVE-2020-28443 was published for sonar-wrapper (npm) Jul 26, 2022
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
Command Injection in Nuitka High
CVE-2022-2054 was published for Nuitka (pip) Jun 13, 2022
OS Command Injection in git-promise High
CVE-2022-24376 was published for git-promise (npm) Jun 11, 2022
lirantal
sharp vulnerable to Command Injection in post-installation over build environment Moderate
CVE-2022-29256 was published for sharp (npm) Jun 1, 2022
dwisiswant0
HashiCorp go-getter command injection Critical
CVE-2022-26945 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk
furlongm openvpn-monitor command injection High
CVE-2021-31605 was published for openvpn-monitor (pip) May 24, 2022
Drupal Core Arbitrary PHP code execution vulnerability High
CVE-2020-13664 was published for drupal/core (Composer) May 24, 2022
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client Critical
CVE-2021-3148 was published for salt (pip) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
Dolibarr authenticated Remote Code Execution High
CVE-2020-35136 was published for dolibarr/dolibarr (Composer) May 24, 2022
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
Cobbler subject to Command Injection High
CVE-2012-2395 was published for cobbler (pip) May 17, 2022
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki High
CVE-2014-1216 was published for org.fitnesse:fitnesse (Maven) May 17, 2022
Swift Mailer mail transport Command Injection Critical
CVE-2016-10074 was published for swiftmailer/swiftmailer (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database