Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
chrome-launcher subject to OS Command Injection Critical
CVE-2020-7645 was published for chrome-launcher (npm) May 24, 2022
furi0us333
Improper Neutralization of Special Elements used in an OS Command in Blamer Critical
CVE-2019-10807 was published for blamer (npm) May 24, 2022
promise-probe OS command injection vulnerability Critical
CVE-2019-10791 was published for promise-probe (npm) May 24, 2022
php-shellcommand command injection vulnerability Critical
CVE-2019-10774 was published for mikehaertl/php-shellcommand (Composer) May 24, 2022
Treekill Enables OS Command Injection Critical
CVE-2019-15598 was published for tree-kill (npm) May 24, 2022
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
LibreNMS arbitrary OS commands execution Critical
CVE-2018-20434 was published for librenms/librenms (Composer) May 24, 2022
Pillow command injection Critical
CVE-2014-3007 was published for pillow (pip) May 17, 2022
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
OpenTSDB vulnerable to OS Command Injection Critical
CVE-2018-12972 was published for net.opentsdb:opentsdb (Maven) May 13, 2022
Codiad Vulnerable to Shell Command Injection Critical
CVE-2017-11366 was published for codiad/codiad (Composer) May 13, 2022
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
mattberry3
Mercurial is vulnerable to shell injection attack Critical
CVE-2017-1000116 was published for mercurial (pip) May 13, 2022
Mercurial vulnerable to arbitrary code injection Critical
CVE-2017-17458 was published for mercurial (pip) May 13, 2022
Akeneo PIM vulnerable to shell injection in the mass edition Critical
CVE-2017-1000009 was published for akeneo/pim-community-dev (Composer) May 13, 2022
elFinder command injection vulnerability in the PHP connector Critical
CVE-2019-9194 was published for studio-42/elfinder (Composer) May 13, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection Critical
CVE-2017-2096 was published for smalruby (RubyGems) May 13, 2022
OS Command Injection in Plexus-utils Critical
CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022
OS Command Injection in git-pull-or-clone Critical
CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022
lirantal
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
Command Injection vulnerability in asciidoctor-include-ext Critical
CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems) Mar 31, 2022
joernchen
Command Injection in CasaOS Critical
CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) Mar 11, 2022
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database