Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
Code injection in mock2easy Critical
CVE-2020-7697 was published for mock2easy (npm) May 6, 2021
Command Injection in ffmpegdotjs Critical
CVE-2021-23376 was published for ffmpegdotjs (npm) May 6, 2021
Command injection in launchpad Critical
CVE-2021-23330 was published for launchpad (npm) Apr 13, 2021
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
Command Injection in ps-kill Critical
CVE-2021-23355 was published for ps-kill (npm) Mar 19, 2021
Code injection in kill-process-by-name Critical
CVE-2021-23356 was published for kill-process-by-name (npm) Mar 19, 2021
Command injection in wc-cmd Critical
CVE-2020-28431 was published for wc-cmd (npm) Mar 19, 2021 withdrawn
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Command injection in ts-process-promises Critical
CVE-2020-7784 was published for ts-process-promises (npm) Jan 13, 2021
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
Command Injection in traceroute Critical
GHSA-rjvj-673q-4hfw was published for traceroute (npm) Sep 4, 2020
Command Injection in npm-git-publish Critical
GHSA-49mg-94fc-2fx6 was published for npm-git-publish (npm) Sep 4, 2020
Command Injection in meta-git Critical
GHSA-qcff-ffx3-m25c was published for meta-git (npm) Sep 4, 2020
Command Injection in giting Critical
GHSA-7r9x-hr76-jr96 was published for giting (npm) Sep 4, 2020
Command Injection in plotter Critical
GHSA-65xx-c85x-wg76 was published for plotter (npm) Sep 4, 2020
Command Injection in gnuplot Critical
GHSA-cfwc-xjfp-44jg was published for gnuplot (npm) Sep 4, 2020
Command Injection in marsdb Critical
GHSA-5mrr-rgp6-x4gr was published for marsdb (npm) Sep 3, 2020
Command Injection in priest-runner Critical
GHSA-9px9-f7jw-fwhj was published for priest-runner (npm) Sep 3, 2020
Command Injection in node-wifi Critical
GHSA-4x6x-782q-jfc4 was published for node-wifi (npm) Sep 3, 2020
Command Injection in bestzip Critical
GHSA-4qqc-mp5f-ccv4 was published for bestzip (npm) Sep 2, 2020
Command Injection in samsung-remote Critical
GHSA-xhjx-mfr6-9rr4 was published for samsung-remote (npm) Sep 1, 2020
Command Injection in pidusage Critical
CVE-2017-16034 was published for pidusage (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database