Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
ntesseract vulnerable to Command Injection Critical
CVE-2020-28446 was published for ntesseract (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
sonar-wrapper Command Injection vulnerability Critical
CVE-2020-28443 was published for sonar-wrapper (npm) Jul 26, 2022
HashiCorp go-getter command injection Critical
CVE-2022-26945 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client Critical
CVE-2021-3148 was published for salt (pip) May 24, 2022
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
Swift Mailer mail transport Command Injection Critical
CVE-2016-10074 was published for swiftmailer/swiftmailer (Composer) May 17, 2022
zend-mail remote code execution via Sendmail adapter Critical
CVE-2016-10034 was published for zendframework/zend-mail (Composer) May 14, 2022
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Donfig Command Injection in collect_yaml method Critical
CVE-2019-7537 was published for donfig (pip) May 14, 2022
Command injection in workspace-tools Critical
CVE-2022-25865 was published for workspace-tools (npm) May 14, 2022
OS Command Injection in git-pull-or-clone Critical
CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022
lirantal
Command injection in npm-dependency-versions Critical
CVE-2022-29080 was published for npm-dependency-versions (npm) Apr 13, 2022
p-w
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
Remote Code Execution in Contao Managed Edition Critical
CVE-2022-26265 was published for contao/managed-edition (Composer) Mar 20, 2022
Command injection in libvcs and vcspull Critical
CVE-2022-21187 was published for libvcs (pip) Mar 15, 2022
tony
Code injection in @rkesters/gnuplot Critical
CVE-2021-29369 was published for @rkesters/gnuplot (npm) Feb 10, 2022
Command Injection in node-windows Critical
CVE-2021-45459 was published for node-windows (npm) Jan 5, 2022
dwisiswant0 tdunlap607
Command injection in itext7-core Critical
CVE-2021-43113 was published for com.itextpdf:itext7-core (Maven) Dec 16, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database