GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
158 advisories
Gerapy < 0.9.8 may cause remote code execution
Critical. CVE-2021-43857 was published for gerapy (pip), Jan 6, 2022

BibTeX-Ruby vulnerable to OS command injection
Critical. CVE-2019-10780 was published for bibtex-ruby (RubyGems), Feb 14, 2020

Nokogiri Command Injection Vulnerability
Critical. CVE-2019-5477 was published for nokogiri (RubyGems), Aug 19, 2019

Shell Metacharacter Injection in kelredd-pruview
Critical. CVE-2013-1947 was published for kelredd-pruview (RubyGems), Oct 24, 2017

Apache Hadoop argument injection vulnerability
Critical. CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven), Aug 5, 2022

Command Injection in gitlabhook
Critical. CVE-2019-5485 was published for gitlabhook (npm), Sep 16, 2019

Command Injection vulnerability in asciidoctor-include-ext
Critical. CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems), Mar 31, 2022

Remote shell execution vulnerability in image_processing
Critical. CVE-2022-24720 was published for image_processing (RubyGems), Mar 1, 2022

Gogs OS Command Injection vulnerability
Critical. CVE-2022-2024 was published for gogs.io/gogs (Go), Feb 28, 2023

smalruby and smalruby-editor vulnerable to OS Command Injection
Critical. CVE-2017-2096 was published for smalruby (RubyGems), May 13, 2022

OS Command Injection in gulp-scss-lint
Critical. CVE-2020-7601 was published for gulp-scss-lint (npm), May 7, 2021

nemo-appium vulnerable to OS Command Injection
Critical. CVE-2022-21129 was published for nemo-appium (npm), Jan 31, 2023

Command Injection in git-dummy-commit
Critical. CVE-2018-3785 was published for git-dummy-commit (npm), Aug 21, 2018

OS Command Injection in GenieACS
Critical. CVE-2021-46704 was published for genieacs (npm), Mar 7, 2022

OS Command injection in npm-lockfile
Critical. CVE-2022-0841 was published for npm-lockfile (npm), Mar 4, 2022

OS command injection in ripgrep
Critical. CVE-2021-3013 was published for grep-cli (Rust), Aug 5, 2021

OpenTSDB vulnerable to OS Command Injection
Critical. CVE-2018-12972 was published for net.opentsdb:opentsdb (Maven), May 13, 2022

Potential Command Injection in shell-quote
Critical. CVE-2016-10541 was published for shell-quote (npm), Feb 18, 2019

OS Command Injection in Apache Airflow
Critical. CVE-2022-40189 was published for apache-airflow (pip), Nov 22, 2022

OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical. CVE-2021-41243 was published for baserproject/basercms (Composer), Dec 1, 2021

Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical. CVE-2020-36381 was published for aaptjs (npm), Nov 1, 2021

ProTip! Advisories are also available from the GraphQL API.