Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,916
Maven
5,000+
npm
3,646
NuGet
638
pip
3,263
Pub
10
RubyGems
870
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
git-shallow-clone OS Command Injection vulnerability Moderate
CVE-2024-21531 was published for git-shallow-clone (npm) Oct 1, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users Critical
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37903 was published for vm2 (npm) Jul 13, 2023
leesh3288
git-commit-info vulnerable to Command Injection Critical
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
appium-desktop OS Command Injection vulnerability Critical
CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
abacus-ext-cmdline vulnerable to Command Injection High
CVE-2022-24431 was published for abacus-ext-cmdline (npm) Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25171 was published for p4 (npm) Dec 20, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol High
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
nadesiko3 vulnerable to OS Command Injection Critical
CVE-2022-42496 was published for nadesiko3 (npm) Dec 5, 2022
Nadesiko3 OS Command Injection vulnerability Critical
CVE-2022-41642 was published for nadesiko3 (npm) Dec 5, 2022
Snyk plugins vulnerable to Command Injection Moderate
CVE-2022-22984 was published for @snyk/snyk-cocoapods-plugin (npm) Nov 30, 2022
Snyk CLI affected by Command Injection vulnerability High
CVE-2022-40764 was published for snyk (npm) Oct 4, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
OS Command Injection in proctree High
CVE-2021-34082 was published for proctree (npm) Jun 3, 2022
OS Command Injection in s3-uploader High
CVE-2021-34084 was published for s3-uploader (npm) Jun 3, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
OS Command injection in ssl-utils High
CVE-2021-34080 was published for ssl-utils (npm) Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database