Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

320 advisories

Loading
Jenkins Convert To Pipeline Plugin vulnerable to command injection High
CVE-2023-28677 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Apache UIMA DUCC allows remote code execution High
CVE-2023-28935 was published for org.apache.uima:uima-ducc-parent (Maven) Mar 30, 2023
github-slug-action vulnerable to arbitrary code execution High
CVE-2023-27581 was published for rlespinasse/github-slug-action (GitHub Actions) Mar 13, 2023
R3x rlespinasse
stoqey/gnuplot is vulnerable to command injection Critical
CVE-2021-33360 was published for @stoqey/gnuplot (npm) Mar 10, 2023
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
MarkAckert
Versionn Command Injection Vulnerability Critical
CVE-2023-25805 was published for versionn (npm) Feb 22, 2023
Command Injection in thorsten/phpmyfaq Critical
CVE-2023-0789 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
DataFlow upload remote code execution vulnerability High
CVE-2021-41231 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for authenticated remote code execution through layout update High
CVE-2021-41144 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for arbitrary file deletion in customer media allows for remote code execution High
CVE-2021-41143 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for arbitrary command execution in custom layout update through blocks High
CVE-2021-39217 was published for openmage/magento-lts (Composer) Jan 27, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Command Injection in Apache Airflow and Apache Airflow MySQL Provider Critical
CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
Froxlor vulnerable to Command Injection High
CVE-2023-0315 was published for froxlor/froxlor (Composer) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database