GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
json-logic-js Command Injection vulnerability
Critical
CVE-2021-4329
was published
for
json-logic-js
(npm)
Mar 5, 2023
Font-Converter Vulnerable to Arbitrary Command Injection
Critical
CVE-2022-21165
was published
for
font-converter
(npm)
Aug 29, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote
Critical
CVE-2021-42740
was published
for
shell-quote
(npm)
May 24, 2022
openssl npm package vulnerable to command execution
Critical
CVE-2023-49210
was published
for
openssl
(npm)
Nov 23, 2023
exec-local-bin vulnerable to Command Injection
Critical
CVE-2022-25923
was published
for
exec-local-bin
(npm)
Jan 6, 2023
Remote code execution in dawnsparks-node-tesseract
Critical
CVE-2023-29566
was published
for
dawnsparks-node-tesseract
(npm)
Apr 24, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
Remote code execution in broccoli-compass
Critical
CVE-2023-27848
was published
for
broccoli-compass
(npm)
Apr 24, 2023
systeminformation SSID Command Injection Vulnerability
Critical
CVE-2023-42810
was published
for
systeminformation
(npm)
Sep 21, 2023
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
Command Injection in apex-publish-static-files
Critical
CVE-2018-16462
was published
for
apex-publish-static-files
(npm)
Nov 1, 2018
Command Injection in nuance-gulp-build-common
Critical
CVE-2020-28430
was published
for
nuance-gulp-build-common
(npm)
Apr 13, 2021
•
withdrawn
Command injection in ts-process-promises
Critical
CVE-2020-7784
was published
for
ts-process-promises
(npm)
Jan 13, 2021
Command Injection in geojson2kml
Critical
CVE-2020-28429
was published
for
geojson2kml
(npm)
May 10, 2021
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
cycle-import-check vulnerable to Command Injection
Critical
CVE-2022-24377
was published
for
cycle-import-check
(npm)
Dec 14, 2022
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
Critical
CVE-2022-21186
was published
for
@acrontum/filesystem-template
(npm)
Aug 6, 2022
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
ProTip!
Advisories are also available from the
GraphQL API