GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,151 advisories
Command Injection Vulnerability in systeminformation (Moderate): CVE-2020-26274 was published for systeminformation (npm), Dec 16, 2020
Command injection in connection-tester (Critical): CVE-2020-7781 was published for connection-tester (npm), Dec 17, 2020
Command Injection in corenlp-js-interface (Critical): CVE-2020-28440 was published for corenlp-js-interface (npm), Dec 18, 2020
OS Command Injection in node-notifier (Moderate): CVE-2020-7789 was published for node-notifier (npm), Dec 21, 2020
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling (Moderate): CVE-2020-26259 was published for com.thoughtworks.xstream:xstream (Maven), Dec 21, 2020
OS Command Injection in async-git (Critical): CVE-2021-3190 was published for async-git (npm), Jan 29, 2021
Command Injection Vulnerability in Mechanize (High): CVE-2021-21289 was published for mechanize (RubyGems), Feb 2, 2021
Command injection in samba-client (Critical): CVE-2021-27185 was published for samba-client (npm), Feb 11, 2021
Command Injection Vulnerability (High): CVE-2021-21315 was published for systeminformation (npm), Feb 16, 2021
react-dev-utils OS Command Injection in function `getProcessForPort` (Moderate): CVE-2021-24033 was published for react-dev-utils (npm), Mar 11, 2021
XStream is vulnerable to a Remote Command Execution attack (Moderate): CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven), Mar 22, 2021
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values (Moderate): CVE-2021-21412 was published for @thi.ng/egf (npm), Apr 6, 2021
Arbitrary Command Injection in portprocesses (Moderate): CVE-2021-23348 was published for portprocesses (npm), Apr 6, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function (High): CVE-2021-21414 was published for @prisma/sdk (npm), Apr 6, 2021
Command Injection Vulnerability in systeminformation (High): CVE-2021-21388 was published for systeminformation (npm), Apr 6, 2021
Command Injection in async-git (Critical): CVE-2020-28490 was published for async-git (npm), Apr 12, 2021
Improper neutralization of arguments in freediskspace (Critical): CVE-2020-7775 was published for freediskspace (npm), Apr 13, 2021
OS Command Injection in im-resize (High): CVE-2019-10787 was published for im-resize (npm), Apr 13, 2021
OS Command Injection in im-metadata (High): CVE-2019-10788 was published for im-metadata (npm), Apr 13, 2021
Improper Input Validation in network-manager (Critical): CVE-2019-10786 was published for network-manager (npm), Apr 13, 2021
Command Injection in nuance-gulp-build-common (Critical): CVE-2020-28430 was published for nuance-gulp-build-common (npm), Apr 13, 2021 • withdrawn