Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,783
Erlang
36
GitHub Actions
29
Go
2,353
Maven
5,000+
npm
3,977
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
CVE-2024-34347 was published for @hoppscotch/cli (npm) Apr 22, 2024
oskar-zeinomahmalat-sonarsource mufeedvh
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
Matrix IRC Bridge allows IRC command injection to own puppeted user Low
CVE-2025-27146 was published for matrix-appservice-irc (npm) Feb 25, 2025
funderscore1
DocsGPT Allows Remote Code Execution Critical
CVE-2025-0868 was published for docsgpt (npm) Feb 20, 2025
files.photo.gallery command injection Moderate
CVE-2024-53615 was published for files.photo.gallery (npm) Jan 30, 2025
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
git-commit-info vulnerable to Command Injection High
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
DSimsek000
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
Font-Converter Vulnerable to Arbitrary Command Injection Critical
CVE-2022-21165 was published for font-converter (npm) Aug 29, 2022
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk
network Arbitrary Command Injection vulnerability High
CVE-2024-21488 was published for network (npm) Jan 30, 2024
openssl npm package vulnerable to command execution Critical
CVE-2023-49210 was published for openssl (npm) Nov 23, 2023
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database