GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
git-commit-info vulnerable to Command Injection
High
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
CVE-2024-34347
was published
for
@hoppscotch/cli
(npm)
Apr 22, 2024
network Arbitrary Command Injection vulnerability
High
CVE-2024-21488
was published
for
network
(npm)
Jan 30, 2024
bwm-ng vulnerable to command injection
High
CVE-2023-26129
was published
for
bwm-ng
(npm)
May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
High
CVE-2023-26127
was published
for
n158
(npm)
May 27, 2023
Snowflake NodeJS Driver vulnerable to Command Injection
High
CVE-2023-34232
was published
for
snowflake-sdk
(npm)
Jun 9, 2023
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
Madge vulnerable to command injection
High
CVE-2021-23352
was published
for
madge
(npm)
Mar 12, 2021
window-control vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25926
was published
for
window-control
(npm)
Jan 4, 2023
Command Injection in local-devices
High
GHSA-w725-67p7-xv22
was published
for
local-devices
(npm)
Sep 3, 2020
pullit vulnerable to command injection
High
CVE-2018-25083
was published
for
pullit
(npm)
Sep 3, 2020
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
High
CVE-2022-25853
was published
for
semver-tags
(npm)
Feb 6, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function
High
CVE-2022-25855
was published
for
create-choo-app3
(npm)
Feb 6, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25916
was published
for
mt7688-wiscan
(npm)
Feb 1, 2023
Command Injection in puppet-facter
High
CVE-2022-25350
was published
for
puppet-facter
(npm)
Jan 26, 2023
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
OS Command Injection and Command Injection in kill-port-process
High
CVE-2019-15609
was published
for
kill-port-process
(npm)
Feb 10, 2022
Command Injection in @graphql-tools/git-loader
High
CVE-2021-23326
was published
for
@graphql-tools/git-loader
(npm)
Jan 29, 2021
ProTip!
Advisories are also available from the
GraphQL API