GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
7 advisories
TiDB vulnerable to Use of Externally-Controlled Format String
Critical
CVE-2022-3023
was published
for
github.com/pingcap/tidb
(Go)
Nov 4, 2022
sharp vulnerable to Command Injection in post-installation over build environment
Moderate
CVE-2022-29256
was published
for
sharp
(npm)
Jun 1, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Command injection in github-todos
Critical
CVE-2021-44684
was published
for
github-todos
(npm)
Dec 10, 2021
Command injection in git-it-electron
Critical
CVE-2021-44685
was published
for
git-it-electron
(npm)
Dec 8, 2021
ProTip!
Advisories are also available from the
GraphQL API