Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
mc-kill-port vulnerable to Arbitrary Command Execution via kill function High
CVE-2022-25973 was published for mc-kill-port (npm) Aug 11, 2022
Gitea vulnerable to Argument Injection Critical
CVE-2022-42968 was published for github.com/go-gitea/gitea (Go) Oct 16, 2022
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
OS Command Injection in git-promise High
CVE-2022-24376 was published for git-promise (npm) Jun 11, 2022
lirantal
Argument Injection in Apache Geode server Moderate
CVE-2017-15694 was published for org.apache.geode:geode-core (Maven) Jun 26, 2019
Null characters not escaped High
CVE-2021-21384 was published for shescape (npm) Mar 18, 2021
Command injection in nodemailer Critical
CVE-2020-7769 was published for nodemailer (npm) May 10, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate High
CVE-2022-23915 was published for Weblate (pip) Mar 4, 2022
dellalibera
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Remote command injection when using sendmail email transport Moderate
GHSA-wfrj-qqc2-83cm was published for ghost (npm) Sep 20, 2021
tdunlap607
Command injection in cocoapods-downloader High
CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
Command injection in cocoapods-downloader High
CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
tdunlap607
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in ruby-git Critical
CVE-2022-25648 was published for git (RubyGems) Apr 20, 2022
Apache Hadoop argument injection vulnerability Critical
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
Command injection in simple-git High
CVE-2022-24066 was published for simple-git (npm) Apr 2, 2022
lirantal rhelinko-telia
Arbitrary code execution in H2 Console Critical
CVE-2022-23221 was published for com.h2database:h2 (Maven) Jan 21, 2022
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
RubyGems Escape sequence injection vulnerability in verbose High
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001003 was published for mathjs (npm) Dec 18, 2017
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database