Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
OS Command Injection in node-mpv Critical
CVE-2020-7632 was published for node-mpv (npm) Jan 7, 2022
Code injection in @rkesters/gnuplot Critical
CVE-2021-29369 was published for @rkesters/gnuplot (npm) Feb 10, 2022
OS Command Injection in node-key-sender Critical
CVE-2020-7627 was published for node-key-sender (npm) Feb 10, 2022
OS Command Injection in jscover Critical
CVE-2020-7623 was published for jscover (npm) Feb 10, 2022
OS Command Injection in adb-driver Critical
CVE-2020-7636 was published for adb-driver (npm) Dec 9, 2021
OS Command Injection in diskusage-ng Critical
CVE-2020-7631 was published for diskusage-ng (npm) Jan 7, 2022
OS Command Injection in wifiscanner Critical
CVE-2020-15362 was published for wifiscanner (npm) May 17, 2021
OS Command Injection in git-add-remote Critical
CVE-2020-7630 was published for git-add-remote (npm) Feb 10, 2022
OS Command Injection in install-package Critical
CVE-2020-7629 was published for install-package (npm) Feb 10, 2022
OS Command Injection in strong-nginx-controller Critical
CVE-2020-7621 was published for strong-nginx-controller (npm) Feb 10, 2022
Injection in op-browser Critical
CVE-2020-7625 was published for op-browser (npm) Feb 10, 2022
OS Command Injection in pomelo-monitor Critical
CVE-2020-7620 was published for pomelo-monitor (npm) May 10, 2021
Command injection in bestzip Critical
CVE-2020-7730 was published for bestzip (npm) May 6, 2021
Command injection in get-git-data Critical
CVE-2020-7619 was published for get-git-data (npm) May 10, 2021
Command injection in corenlp-js-prefab Critical
CVE-2020-28439 was published for corenlp-js-prefab (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
OS Command Injection in async-git Critical
CVE-2021-3190 was published for async-git (npm) Jan 29, 2021
Improper neutralization of arguments in freediskspace Critical
CVE-2020-7775 was published for freediskspace (npm) Apr 13, 2021
Command Injection in corenlp-js-interface Critical
CVE-2020-28440 was published for corenlp-js-interface (npm) Dec 18, 2020
Command injection in connection-tester Critical
CVE-2020-7781 was published for connection-tester (npm) Dec 17, 2020
ProTip! Advisories are also available from the GraphQL API