GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
340 advisories
Filter by severity
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote code execution (RCE) in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Command injection in codecov (npm package)
Moderate
CVE-2020-15123
was published
for
codecov
(npm)
Jul 20, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
Command Injection in npm-programmatic
Critical
CVE-2020-7614
was published
for
npm-programmatic
(npm)
Apr 23, 2020
OS Command Injection in devcert-sanscache
Critical
CVE-2019-10778
was published
for
devcert-sanscache
(npm)
Apr 14, 2020
Reflected XSS in SilverStripe
Moderate
CVE-2019-19325
was published
for
silverstripe/framework
(Composer)
Feb 24, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Yarn Improper link resolution before file access (Link Following)
High
CVE-2019-10773
was published
for
yarn
(npm)
Feb 14, 2020
BibTeX-Ruby vulnerable to OS command injection
Critical
CVE-2019-10780
was published
for
bibtex-ruby
(RubyGems)
Feb 14, 2020
OS command injection in aws-lambda
Critical
CVE-2019-10777
was published
for
aws-lambda
(npm)
Feb 14, 2020
OS command injection in git-diff-apply
Critical
CVE-2019-10776
was published
for
git-diff-apply
(npm)
Feb 14, 2020
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
Command Injection in gitlabhook
Critical
CVE-2019-5485
was published
for
gitlabhook
(npm)
Sep 16, 2019
OS Command Injection in Nexus Yum Repository Plugin
High
CVE-2019-5475
was published
for
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
(Maven)
Sep 11, 2019
Nokogiri Command Injection Vulnerability
Critical
CVE-2019-5477
was published
for
nokogiri
(RubyGems)
Aug 19, 2019
OS Command Injection in MiniMagick
High
CVE-2019-13574
was published
for
mini_magick
(RubyGems)
Jul 18, 2019
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
Apache Tomcat OS Command Injection vulnerability
High
CVE-2019-0232
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 18, 2019
ProTip!
Advisories are also available from the
GraphQL API