GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,241 advisories
Filter by severity
Shell Metacharacter Injection in kelredd-pruview
Critical
CVE-2013-1947
was published
for
kelredd-pruview
(RubyGems)
Oct 24, 2017
Cocaine Gem OS Command Injection vulnerability
Moderate
CVE-2013-4457
was published
for
cocaine
(RubyGems)
Oct 24, 2017
Creme Fraiche contains OS Command Injection
Critical
CVE-2013-2090
was published
for
cremefraiche
(RubyGems)
Oct 24, 2017
Remote Code Execution in electron
High
CVE-2018-1000006
was published
for
electron
(npm)
Jan 23, 2018
Electron protocol handler browser vulnerable to Command Injection
High
CVE-2018-1000118
was published
for
electron
(npm)
Mar 26, 2018
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Command Injection in git-dummy-commit
Critical
CVE-2018-3785
was published
for
git-dummy-commit
(npm)
Aug 21, 2018
Command Injection in macaddress
Critical
CVE-2018-13797
was published
for
macaddress
(npm)
Sep 6, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
OS Command Injection in craftercms:crafter-studio
High
CVE-2018-19907
was published
for
org.craftercms:crafter-studio
(Maven)
Dec 19, 2018
react-dev-utils on Windows vulnerable to Remote Code Execution
High
CVE-2018-6342
was published
for
react-dev-utils
(npm)
Jan 4, 2019
Potential Command Injection in shell-quote
Critical
CVE-2016-10541
was published
for
shell-quote
(npm)
Feb 18, 2019
Apache Tomcat OS Command Injection vulnerability
High
CVE-2019-0232
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 18, 2019
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
OS Command Injection in MiniMagick
High
CVE-2019-13574
was published
for
mini_magick
(RubyGems)
Jul 18, 2019
Nokogiri Command Injection Vulnerability
Critical
CVE-2019-5477
was published
for
nokogiri
(RubyGems)
Aug 19, 2019
OS Command Injection in Nexus Yum Repository Plugin
High
CVE-2019-5475
was published
for
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
(Maven)
Sep 11, 2019
Command Injection in gitlabhook
Critical
CVE-2019-5485
was published
for
gitlabhook
(npm)
Sep 16, 2019
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
OS command injection in git-diff-apply
Critical
CVE-2019-10776
was published
for
git-diff-apply
(npm)
Feb 14, 2020
OS command injection in aws-lambda
Critical
CVE-2019-10777
was published
for
aws-lambda
(npm)
Feb 14, 2020
BibTeX-Ruby vulnerable to OS command injection
Critical
CVE-2019-10780
was published
for
bibtex-ruby
(RubyGems)
Feb 14, 2020
ProTip!
Advisories are also available from the
GraphQL API