
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6579

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.00513
Exploits: 1 | References: 3

Veracode
added 2022/08/03 4:59 p.m. | 20 views

OS Command Injection

Heroku-env is vulnerable to OS command injection. The vulnerability is due to the function get that executes a shell command with unsanitized user input. An attacker can inject shell code using the app parameter, using the control operator & or && followed by an arbitrary command...

CVSS 9.8 | AI score 9.4 | EPSS 0.00513
Exploits: 1 | Affected Software: 1

OSV
added 2022/08/03 12:0 a.m. | 17 views

GHSA-JP45-65JW-94MJ heroku-env susceptible to command injection

A command injection vulnerability affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js...

CVSS 9.8 | AI score 9.8 | EPSS 0.00513
Exploits: 1 | References: 3

NVD
added 2022/08/02 2:15 p.m. | 11 views

CVE-2020-28437

This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js...

CVSS 9.8 | EPSS 0.00513
Exploits: 1 | References: 1

Prion
added 2022/08/02 2:15 p.m. | 8 views

Code injection

This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js...

CVSS 7.5 | AI score 9.6 | EPSS 0.00513
Exploits: 1 | References: 1

CVE
added 2022/08/02 1:25 p.m. | 39 views

CVE-2020-28437

CVE-2020-28437 affects all versions of the npm package heroku-env. The vulnerability is a command-injection flaw in the get() function, with the injection point in lib/get.js which is required by index.js. This allows unsanitized user input to lead to shell execution. Public sources (Veracode, GH...

CVSS 9.8 | AI score 9.7 | EPSS 0.00513
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/02 1:25 p.m. | 13 views

CVE-2020-28437 Command Injection

This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js...

CVSS 9.4 | AI score 9.7 | EPSS 0.00513
Exploits: 1 | References: 1

CNNVD
added 2022/08/02 12:0 a.m. | 3 views

npm heroku-env command injection vulnerability

npm heroku-env is a package from npm USA. It is used to parse DATABASE_URL from heroku configuration and split it into PG environment variables used by psql, pg_dump, pg_restore and node-postgres. A command injection vulnerability exists in versions of heroku-env prior to 2.0.2, which stems from the...

CVSS 9.8 | AI score 8.3 | EPSS 0.0056
Exploits: 1 | References: 3

CNNVD
added 2022/08/02 12:0 a.m. | 1 views

npm heroku-env command injection vulnerability

npm heroku-env is a package from npm USA. It is used to parse DATABASE_URL from heroku configurations and split it into PG environment variables used by psql, pg_dump, pg_restore and node-postgres. A command injection vulnerability exists in all versions of heroku-env, which stems from the presence of...

CVSS 9.8 | AI score 8.3 | EPSS 0.00513
Exploits: 1 | References: 2

Snyk
added 2021/01/26 7:0 a.m. | 1 views

Command Injection

Overview: heroku-env is a package that parses the DATABASE_URL from your heroku config and splits it out into the PG environment variables used by psql, pg_dump, pg_restore and node-postgres. Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/get.js...

CVSS 9.8 | AI score 7.2 | EPSS 0.00513
Exploits: 1 | References: 2