Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Gogs OS Command Injection vulnerability Critical
CVE-2022-2024 was published for gogs.io/gogs (Go) Feb 28, 2023
cokeBeer
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
docconv OS Command Injection vulnerability Critical
CVE-2022-4643 was published for code.sajari.com/docconv (Go) Dec 22, 2022
nadesiko3 vulnerable to OS Command Injection Critical
CVE-2022-42496 was published for nadesiko3 (npm) Dec 5, 2022
Nadesiko3 OS Command Injection vulnerability Critical
CVE-2022-41642 was published for nadesiko3 (npm) Dec 5, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
XXL-JOB contains a Command execution vulnerability in background tasks Critical
CVE-2022-40929 was published for com.xuxueli:xxl-job-core (Maven) Sep 29, 2022
Apache Hadoop argument injection vulnerability Critical
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
OS Command Injection in cookiecutter Critical
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
OS Command Injection in gogs Critical
CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022
unicorn-security-team
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the WebAPI Critical
CVE-2021-21016 was published for magento/community-edition (Composer) May 24, 2022
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
Magento command injection vulnerability Critical
CVE-2020-9582 was published for magento/community-edition (Composer) May 24, 2022
Magento command injection vulnerability Critical
CVE-2020-9583 was published for magento/community-edition (Composer) May 24, 2022
Magento command injection vulnerability Critical
CVE-2020-9576 was published for magento/community-edition (Composer) May 24, 2022
Magento command injection vulnerability Critical
CVE-2020-9578 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database