Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
Gerapy < 0.9.8 may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
OS Command Injection in ftpd Critical
CVE-2013-2512 was published for ftpd (RubyGems) Oct 12, 2021
BibTeX-Ruby vulnerable to OS command injection Critical
CVE-2019-10780 was published for bibtex-ruby (RubyGems) Feb 14, 2020
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
Shell Metacharacter Injection in kelredd-pruview Critical
CVE-2013-1947 was published for kelredd-pruview (RubyGems) Oct 24, 2017
Apache Hadoop argument injection vulnerability Critical
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
Command Injection in gitlabhook Critical
CVE-2019-5485 was published for gitlabhook (npm) Sep 16, 2019
Command Injection vulnerability in asciidoctor-include-ext Critical
CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems) Mar 31, 2022
joernchen
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
Gogs OS Command Injection vulnerability Critical
CVE-2022-2024 was published for gogs.io/gogs (Go) Feb 28, 2023
cokeBeer
smalruby and smalruby-editor vulnerable to OS Command Injection Critical
CVE-2017-2096 was published for smalruby (RubyGems) May 13, 2022
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
OS Command Injection in gulp-scss-lint Critical
CVE-2020-7601 was published for gulp-scss-lint (npm) May 7, 2021
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
Command Injection in git-dummy-commit Critical
CVE-2018-3785 was published for git-dummy-commit (npm) Aug 21, 2018
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
OS command injection in ripgrep Critical
CVE-2021-3013 was published for grep-cli (Rust) Aug 5, 2021
OpenTSDB vulnerable to OS Command Injection Critical
CVE-2018-12972 was published for net.opentsdb:opentsdb (Maven) May 13, 2022
Potential Command Injection in shell-quote Critical
CVE-2016-10541 was published for shell-quote (npm) Feb 18, 2019
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
ProTip! Advisories are also available from the GraphQL API