Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37903 was published for vm2 (npm) Jul 13, 2023
leesh3288
appium-desktop OS Command Injection vulnerability Critical
CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
Nadesiko3 OS Command Injection vulnerability Critical
CVE-2022-41642 was published for nadesiko3 (npm) Dec 5, 2022
nadesiko3 vulnerable to OS Command Injection Critical
CVE-2022-42496 was published for nadesiko3 (npm) Dec 5, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
chrome-launcher subject to OS Command Injection Critical
CVE-2020-7645 was published for chrome-launcher (npm) May 24, 2022
furi0us333
Improper Neutralization of Special Elements used in an OS Command in Blamer Critical
CVE-2019-10807 was published for blamer (npm) May 24, 2022
promise-probe OS command injection vulnerability Critical
CVE-2019-10791 was published for promise-probe (npm) May 24, 2022
Treekill Enables OS Command Injection Critical
CVE-2019-15598 was published for tree-kill (npm) May 24, 2022
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
mattberry3
OS Command Injection in git-pull-or-clone Critical
CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022
lirantal
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
OS Command Injection in install-package Critical
CVE-2020-7629 was published for install-package (npm) Feb 10, 2022
OS Command Injection in git-add-remote Critical
CVE-2020-7630 was published for git-add-remote (npm) Feb 10, 2022
OS Command Injection in node-key-sender Critical
CVE-2020-7627 was published for node-key-sender (npm) Feb 10, 2022
Withdrawn Advisory: OS Command Injection in effect Critical
CVE-2020-7624 was published for effect (npm) Feb 10, 2022 withdrawn
Fidget-Grep
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database