GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379
was published
for
aaptjs
(npm)
Nov 2, 2021
OS Command Injection in node-mpv
Critical
CVE-2020-7632
was published
for
node-mpv
(npm)
Jan 7, 2022
Code injection in @rkesters/gnuplot
Critical
CVE-2021-29369
was published
for
@rkesters/gnuplot
(npm)
Feb 10, 2022
OS Command Injection in node-key-sender
Critical
CVE-2020-7627
was published
for
node-key-sender
(npm)
Feb 10, 2022
OS Command Injection in adb-driver
Critical
CVE-2020-7636
was published
for
adb-driver
(npm)
Dec 9, 2021
OS Command Injection in diskusage-ng
Critical
CVE-2020-7631
was published
for
diskusage-ng
(npm)
Jan 7, 2022
OS Command Injection in wifiscanner
Critical
CVE-2020-15362
was published
for
wifiscanner
(npm)
May 17, 2021
OS Command Injection in git-add-remote
Critical
CVE-2020-7630
was published
for
git-add-remote
(npm)
Feb 10, 2022
OS Command Injection in install-package
Critical
CVE-2020-7629
was published
for
install-package
(npm)
Feb 10, 2022
OS Command Injection in strong-nginx-controller
Critical
CVE-2020-7621
was published
for
strong-nginx-controller
(npm)
Feb 10, 2022
OS Command Injection in pomelo-monitor
Critical
CVE-2020-7620
was published
for
pomelo-monitor
(npm)
May 10, 2021
Command injection in get-git-data
Critical
CVE-2020-7619
was published
for
get-git-data
(npm)
May 10, 2021
Command injection in corenlp-js-prefab
Critical
CVE-2020-28439
was published
for
corenlp-js-prefab
(npm)
Apr 13, 2021
Improper Input Validation in network-manager
Critical
CVE-2019-10786
was published
for
network-manager
(npm)
Apr 13, 2021
OS Command Injection in async-git
Critical
CVE-2021-3190
was published
for
async-git
(npm)
Jan 29, 2021
Improper neutralization of arguments in freediskspace
Critical
CVE-2020-7775
was published
for
freediskspace
(npm)
Apr 13, 2021
Command Injection in corenlp-js-interface
Critical
CVE-2020-28440
was published
for
corenlp-js-interface
(npm)
Dec 18, 2020
Command injection in connection-tester
Critical
CVE-2020-7781
was published
for
connection-tester
(npm)
Dec 17, 2020
ProTip!
Advisories are also available from the
GraphQL API