GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
317 advisories
Filter by severity
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
mlflow vulnerable to OS Command Injection
High
CVE-2023-4033
was published
for
mlflow
(pip)
Aug 1, 2023
Command injection in PaddlePaddle
Critical
CVE-2023-38673
was published
for
paddlepaddle
(pip)
Jul 26, 2023
1Panel command injection vulnerability in Firewall ip functionality
High
CVE-2023-37477
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2023
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
High
CVE-2023-35174
was published
for
livebook
(Erlang)
Jun 21, 2023
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Brook's tproxy server is vulnerable to a drive-by command injection.
Critical
CVE-2023-33965
was published
for
github.com/txthinking/brook
(Go)
Jun 6, 2023
Command injection in OpenTSDB
Critical
CVE-2023-25826
was published
for
net.opentsdb:opentsdb
(Maven)
May 3, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Remote code injection in wwbn/avideo
High
CVE-2023-30854
was published
for
wwbn/avideo
(Composer)
Apr 27, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical
GHSA-wj6r-53f5-q789
was published
for
wwbn/avideo
(Composer)
Apr 25, 2023
•
withdrawn
Gogs OS Command Injection vulnerability
Critical
CVE-2022-2024
was published
for
gogs.io/gogs
(Go)
Feb 28, 2023
IPython vulnerable to command injection via set_term_title
Moderate
CVE-2023-24816
was published
for
IPython
(pip)
Feb 10, 2023
nemo-appium vulnerable to OS Command Injection
Critical
CVE-2022-21129
was published
for
nemo-appium
(npm)
Jan 31, 2023
Sandbox bypass in Jenkins Script Security Plugin
High
CVE-2023-24422
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Jan 26, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
docconv OS Command Injection vulnerability
Critical
CVE-2022-4643
was published
for
code.sajari.com/docconv
(Go)
Dec 22, 2022
abacus-ext-cmdline vulnerable to Command Injection
High
CVE-2022-24431
was published
for
abacus-ext-cmdline
(npm)
Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25171
was published
for
p4
(npm)
Dec 20, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
High
CVE-2022-25912
was published
for
simple-git
(npm)
Dec 6, 2022
Nadesiko3 OS Command Injection vulnerability
Critical
CVE-2022-41642
was published
for
nadesiko3
(npm)
Dec 5, 2022
ProTip!
Advisories are also available from the
GraphQL API