Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
mattberry3
rejetto HFS vulnerable to OS Command Execution by remote authenticated users Critical
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
Withdrawn Advisory: OS Command Injection in effect Critical
CVE-2020-7624 was published for effect (npm) Feb 10, 2022 withdrawn
Fidget-Grep
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown Critical
GHSA-2c83-wfv3-q25f was published for rebber (npm) Sep 7, 2021
gustavi
Treekill Enables OS Command Injection Critical
CVE-2019-15598 was published for tree-kill (npm) May 24, 2022
promise-probe OS command injection vulnerability Critical
CVE-2019-10791 was published for promise-probe (npm) May 24, 2022
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37903 was published for vm2 (npm) Jul 13, 2023
leesh3288
appium-desktop OS Command Injection vulnerability Critical
CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
apiconnect-cli-plugins vulnerable to OS Command Injection Critical
CVE-2020-7633 was published for apiconnect-cli-plugins (npm) May 24, 2021
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
OS Command Injection in heroku-addonpool Critical
CVE-2020-7634 was published for heroku-addonpool (npm) Dec 9, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
OS Command Injection in giting Critical
CVE-2019-10802 was published for giting (npm) Apr 13, 2021
KateCatlin
Remote Code Execution Vulnerability in NPM mongo-express Critical
CVE-2019-10758 was published for mongo-express (npm) Dec 30, 2019
JLLeitschuh
OS Command Injection in docker-compose-remote-api Critical
CVE-2020-7606 was published for docker-compose-remote-api (npm) May 7, 2021
ps Enables OS Command Injection Critical
CVE-2018-16460 was published for ps (npm) Sep 17, 2018
push-dir Enables OS Command Injection Critical
CVE-2019-10803 was published for push-dir (npm) Feb 9, 2022
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
karma-mojo enables OS Command Injection Critical
CVE-2020-7626 was published for karma-mojo (npm) Feb 10, 2022
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
Command Execution in windows-cpu Critical
CVE-2017-1000219 was published for windows-cpu (npm) Sep 1, 2020
OS Command Injection in Locutus Critical
CVE-2020-13619 was published for locutus (npm) Jul 26, 2021
OS Command Injection in gulp-tape Critical
CVE-2020-7605 was published for gulp-tape (npm) May 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database