Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
OS Command Injection in pomelo-monitor Critical
CVE-2020-7620 was published for pomelo-monitor (npm) May 10, 2021
Command injection in get-git-data Critical
CVE-2020-7619 was published for get-git-data (npm) May 10, 2021
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
OS Command Injection in gulp-scss-lint Critical
CVE-2020-7601 was published for gulp-scss-lint (npm) May 7, 2021
OS Command Injection in gulp-tape Critical
CVE-2020-7605 was published for gulp-tape (npm) May 7, 2021
OS Command Injection in gulkp-styledocco Critical
CVE-2020-7607 was published for gulp-styledocco (npm) May 7, 2021
OS Command Injection in docker-compose-remote-api Critical
CVE-2020-7606 was published for docker-compose-remote-api (npm) May 7, 2021
Command injection in bestzip Critical
CVE-2020-7730 was published for bestzip (npm) May 6, 2021
Command injection in corenlp-js-prefab Critical
CVE-2020-28439 was published for corenlp-js-prefab (npm) Apr 13, 2021
OS Command Injection in giting Critical
CVE-2019-10802 was published for giting (npm) Apr 13, 2021
KateCatlin
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
Improper neutralization of arguments in freediskspace Critical
CVE-2020-7775 was published for freediskspace (npm) Apr 13, 2021
Command Injection in async-git Critical
CVE-2020-28490 was published for async-git (npm) Apr 12, 2021
Command injection in node-ps Critical
CVE-2020-7785 was published for node-ps (npm) Mar 19, 2021
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
OS Command Injection in async-git Critical
CVE-2021-3190 was published for async-git (npm) Jan 29, 2021
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
Command Injection in corenlp-js-interface Critical
CVE-2020-28440 was published for corenlp-js-interface (npm) Dec 18, 2020
Command injection in connection-tester Critical
CVE-2020-7781 was published for connection-tester (npm) Dec 17, 2020
Arbitrary Code Execution in require-node Critical
GHSA-8j6j-4h2c-c65p was published for require-node (npm) Sep 3, 2020
Command Injection in pdf-image Critical
CVE-2018-3757 was published for pdf-image (npm) Sep 1, 2020
Command Execution in windows-cpu Critical
CVE-2017-1000219 was published for windows-cpu (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database