GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
134 advisories
Filter by severity
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Bash command injection in Apache Zeppelin
Critical
CVE-2019-10095
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Sep 7, 2021
Command injection in gitlogplus
Critical
CVE-2021-23412
was published
for
gitlogplus
(npm)
Jul 26, 2021
Command injection in LocalStack
Critical
CVE-2021-32090
was published
for
localstack
(pip)
Jun 18, 2021
Command Injection in @ronomon/opened
Critical
CVE-2021-29300
was published
for
@ronomon/opened
(npm)
Jun 8, 2021
Command Injection in geojson2kml
Critical
CVE-2020-28429
was published
for
geojson2kml
(npm)
May 10, 2021
Command Injection in ps-visitor
Critical
CVE-2021-23374
was published
for
ps-visitor
(npm)
May 7, 2021
Command Injection in onion-oled-js
Critical
CVE-2021-23377
was published
for
onion-oled-js
(npm)
May 7, 2021
Command Injection in ffmpegdotjs
Critical
CVE-2021-23376
was published
for
ffmpegdotjs
(npm)
May 6, 2021
Command injection in launchpad
Critical
CVE-2021-23330
was published
for
launchpad
(npm)
Apr 13, 2021
Command Injection in nuance-gulp-build-common
Critical
CVE-2020-28430
was published
for
nuance-gulp-build-common
(npm)
Apr 13, 2021
•
withdrawn
Command injection in eslint-fixer
Critical
CVE-2021-26275
was published
for
eslint-fixer
(npm)
Apr 13, 2021
Code injection in kill-process-by-name
Critical
CVE-2021-23356
was published
for
kill-process-by-name
(npm)
Mar 19, 2021
Command injection in wc-cmd
Critical
CVE-2020-28431
was published
for
wc-cmd
(npm)
Mar 19, 2021
•
withdrawn
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
Command injection in ts-process-promises
Critical
CVE-2020-7784
was published
for
ts-process-promises
(npm)
Jan 13, 2021
ProTip!
Advisories are also available from the
GraphQL API