GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
325 advisories
Filter by severity
OS command execution vulnerability in Perfecto Plugin
High
CVE-2020-2261
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9582
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9583
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9576
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9578
was published
for
magento/community-edition
(Composer)
May 24, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin
High
CVE-2020-2200
was published
for
org.jenkins-ci.plugins:play-autotest-plugin
(Maven)
May 24, 2022
chrome-launcher subject to OS Command Injection
Critical
CVE-2020-7645
was published
for
chrome-launcher
(npm)
May 24, 2022
Clamscan vulnerable to command injection
High
CVE-2020-7613
was published
for
clamscan
(npm)
May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Blamer
Critical
CVE-2019-10807
was published
for
blamer
(npm)
May 24, 2022
OS command injection in CryptoMove Plugin
High
CVE-2020-2159
was published
for
io.jenkins.plugins:cryptomove
(Maven)
May 24, 2022
Froxlor arbitrary code execution via the database configuration options
High
CVE-2020-10235
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
promise-probe OS command injection vulnerability
Critical
CVE-2019-10791
was published
for
promise-probe
(npm)
May 24, 2022
php-shellcommand command injection vulnerability
Critical
CVE-2019-10774
was published
for
mikehaertl/php-shellcommand
(Composer)
May 24, 2022
Treekill Enables OS Command Injection
Critical
CVE-2019-15598
was published
for
tree-kill
(npm)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-8159
was published
for
magento/community-edition
(Composer)
May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
High
CVE-2019-10392
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 24, 2022
LibreNMS arbitrary OS commands execution
Critical
CVE-2018-20434
was published
for
librenms/librenms
(Composer)
May 24, 2022
Electron vulnerable to remote command execution
High
CVE-2017-12581
was published
for
electron
(npm)
May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection
High
CVE-2013-1933
was published
for
karteek-docsplit
(RubyGems)
May 17, 2022
Arbitrary shell command execution in Jenkins EC2 Plugin
High
CVE-2017-1000502
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 14, 2022
OS Command Injection in baserCMS
High
CVE-2018-0569
was published
for
baserproject/basercms
(Composer)
May 14, 2022
Apache James Server OS Command Injection
High
CVE-2015-7611
was published
for
org.apache.james:james-server
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API