Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,367
Maven
5,000+
npm
3,986
NuGet
720
pip
3,778
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
DocsGPT Allows Remote Code Execution Critical
CVE-2025-0868 was published for docsgpt (npm) Feb 20, 2025
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
Font-Converter Vulnerable to Arbitrary Command Injection Critical
CVE-2022-21165 was published for font-converter (npm) Aug 29, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk
openssl npm package vulnerable to command execution Critical
CVE-2023-49210 was published for openssl (npm) Nov 23, 2023
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
systeminformation SSID Command Injection Vulnerability Critical
CVE-2023-42810 was published for systeminformation (npm) Sep 21, 2023
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
Command Injection in apex-publish-static-files Critical
CVE-2018-16462 was published for apex-publish-static-files (npm) Nov 1, 2018
Command Injection in whereis Critical
CVE-2018-3772 was published for whereis (npm) Jul 31, 2018
ps Enables OS Command Injection Critical
CVE-2018-16460 was published for ps (npm) Sep 17, 2018
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
Command injection in ts-process-promises Critical
CVE-2020-7784 was published for ts-process-promises (npm) Jan 13, 2021
Code injection in mock2easy Critical
CVE-2020-7697 was published for mock2easy (npm) May 6, 2021
Command Injection in geojson2kml Critical
CVE-2020-28429 was published for geojson2kml (npm) May 10, 2021
dns-sync command injection vulnerability Critical
CVE-2014-9682 was published for dns-sync (npm) Oct 24, 2017
Command Injection in ps-kill Critical
CVE-2021-23355 was published for ps-kill (npm) Mar 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database