GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Rate Limiting Bypass in express-brute
Moderate
GHSA-984p-xq9m-4rjw
was published
for
express-brute
(npm)
Jun 7, 2019
Potential CSV Injection vector in OctoberCMS
Moderate
CVE-2020-5299
was published
for
october/backend
(Composer)
Jun 3, 2020
Command Injection in standard-version
Moderate
GHSA-7xcx-6wjh-7xp2
was published
for
standard-version
(npm)
Jul 13, 2020
Command Injection in wxchangba
Moderate
GHSA-j6v9-xgvh-f796
was published
for
wxchangba
(npm)
Sep 11, 2020
Arbitrary Command Injection in portprocesses
Moderate
CVE-2021-23348
was published
for
portprocesses
(npm)
Apr 6, 2021
Arbitrary code execution in kill-by-port
Moderate
CVE-2021-23363
was published
for
kill-by-port
(npm)
Apr 13, 2021
Arbitrary command execution in roar-pidusage
Moderate
CVE-2021-23380
was published
for
roar-pidusage
(npm)
May 6, 2021
Script injection
Moderate
CVE-2021-32661
was published
for
@backstage/plugin-techdocs
(npm)
Jun 4, 2021
Script injection
Moderate
CVE-2021-32660
was published
for
@backstage/techdocs-common
(npm)
Jun 4, 2021
Data races in noise_search
Moderate
CVE-2020-36461
was published
for
noise_search
(Rust)
Aug 25, 2021
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Command Injection in Apache Kylin
Moderate
CVE-2021-45456
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
sharp vulnerable to Command Injection in post-installation over build environment
Moderate
CVE-2022-29256
was published
for
sharp
(npm)
Jun 1, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Microweber vulnerable to command injection
Moderate
CVE-2023-1877
was published
for
microweber/microweber
(Composer)
Apr 5, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
1Panel vulnerable to command injection when entering the container terminal
Moderate
CVE-2023-36458
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
Concrete CMS Cross-site Scripting vulnerability
Moderate
CVE-2022-43695
was published
for
concrete5/concrete5
(Composer)
Jul 6, 2023
ScanCode.io command injection in docker image fetch process
Moderate
CVE-2023-39523
was published
for
scancodeio
(pip)
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API