GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
963 advisories
Filter by severity
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
Critical
CVE-2022-21186
was published
for
@acrontum/filesystem-template
(npm)
Aug 6, 2022
Raneto v0.17.0 employs weak password complexity requirements
Critical
CVE-2022-35143
was published
for
raneto
(npm)
Aug 5, 2022
node-latex-pdf is susceptible to command injection
Critical
CVE-2020-28433
was published
for
node-latex-pdf
(npm)
Aug 3, 2022
gitblame susceptible to command injection
Critical
CVE-2020-28434
was published
for
gitblame
(npm)
Aug 3, 2022
get-npm-package-version Command Injection vulnerability
Critical
CVE-2020-7795
was published
for
get-npm-package-version
(npm)
Aug 3, 2022
curljs Command Injection vulnerability
Critical
CVE-2020-28425
was published
for
curljs
(npm)
Aug 3, 2022
heroku-env susceptible to command injection
Critical
CVE-2020-28437
was published
for
heroku-env
(npm)
Aug 3, 2022
image-tiler susceptible to command injection
Critical
CVE-2020-28451
was published
for
image-tiler
(npm)
Aug 3, 2022
npos-tesseract Command Injection vulnerability
Critical
CVE-2020-28453
was published
for
npos-tesseract
(npm)
Aug 3, 2022
monorepo-build Command Injection vulnerability
Critical
CVE-2020-28423
was published
for
monorepo-build
(npm)
Aug 3, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical
CVE-2022-35924
was published
for
next-auth
(npm)
Aug 2, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
deferred-exec Command Injection vulnerability
Critical
CVE-2020-28438
was published
for
deferred-exec
(npm)
Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability
Critical
CVE-2020-28436
was published
for
google-cloudstorage-commands
(npm)
Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection
Critical
CVE-2020-28435
was published
for
ffmpeg-sdk
(npm)
Jul 26, 2022
otp-generator before v3.0.0 insecurely generates random one-time passwords
Critical
CVE-2021-23451
was published
for
otp-generator
(npm)
Jul 26, 2022
node-import `params` argument can be controlled by users without any sanitization
Critical
CVE-2020-7678
was published
for
node-import
(npm)
Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
set-deep-prop Prototype Pollution
Critical
CVE-2021-23373
was published
for
set-deep-prop
(npm)
Jul 26, 2022
ntesseract vulnerable to Command Injection
Critical
CVE-2020-28446
was published
for
ntesseract
(npm)
Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical
CVE-2020-28447
was published
for
xopen
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
sonar-wrapper Command Injection vulnerability
Critical
CVE-2020-28443
was published
for
sonar-wrapper
(npm)
Jul 26, 2022
Joplin is vulnerable to arbitrary code execution
Critical
CVE-2022-35131
was published
for
joplin
(npm)
Jul 26, 2022
convert-svg-core vulnerable to remote code injection
Critical
CVE-2022-25759
was published
for
convert-svg-core
(npm)
Jul 23, 2022
ProTip!
Advisories are also available from the
GraphQL API