Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

365 advisories

Loading
Versionn Command Injection Vulnerability Critical
CVE-2023-25805 was published for versionn (npm) Feb 22, 2023
Command Injection in thorsten/phpmyfaq Critical
CVE-2023-0789 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
DataFlow upload remote code execution vulnerability High
CVE-2021-41231 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for authenticated remote code execution through layout update High
CVE-2021-41144 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for arbitrary file deletion in customer media allows for remote code execution High
CVE-2021-41143 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for arbitrary command execution in custom layout update through blocks High
CVE-2021-39217 was published for openmage/magento-lts (Composer) Jan 27, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Command Injection in Apache Airflow and Apache Airflow MySQL Provider Critical
CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
Froxlor vulnerable to Command Injection High
CVE-2023-0315 was published for froxlor/froxlor (Composer) Jan 16, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
gry vulnerable to Command Injection High
CVE-2020-36650 was published for gry (npm) Jan 11, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
window-control vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25926 was published for window-control (npm) Jan 4, 2023
Apache Kylin vulnerable to Command injection by Diagnosis Controller Critical
CVE-2022-44621 was published for org.apache.kylin:kylin-server-base (Maven) Dec 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database