Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

301 advisories

Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Command Injection in Apache Airflow and Apache Airflow MySQL Provider Critical
CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
Froxlor vulnerable to Command Injection High
CVE-2023-0315 was published for froxlor/froxlor (Composer) Jan 16, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
gry vulnerable to Command Injection High
CVE-2020-36650 was published for gry (npm) Jan 11, 2023
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
window-control vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25926 was published for window-control (npm) Jan 4, 2023
Apache Kylin vulnerable to Command injection by Diagnosis Controller Critical
CVE-2022-44621 was published for org.apache.kylin:kylin-server-base (Maven) Dec 30, 2022
Apache Kylin vulnerable to Command injection by Useless configuration High
CVE-2022-43396 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
Apache Airflow Hive Provider vulnerable to Command Injection Critical
CVE-2022-46421 was published for apache-airflow-providers-apache-hive (pip) Dec 20, 2022
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
PyTorch vulnerable to arbitrary code execution Critical
CVE-2022-45907 was published for torch (pip) Nov 26, 2022
WilliamsCJ
Command injection in Apache DolphinScheduler Alert Plugins Critical
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Powerline Gitstatus vulnerable to arbitrary code execution High
CVE-2022-42906 was published for powerline-gitstatus (pip) Oct 13, 2022
NuProcess vulnerable to command-line injection through insertion of NUL character(s) High
CVE-2022-39243 was published for com.zaxxer:nuprocess (Maven) Sep 30, 2022
PDFKit vulnerable to Command Injection Critical
CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
wonda-tea-coffee kiafaldorius
Apache James vulnerable to buffering attack High
CVE-2022-28220 was published for org.apache.james:james-server (Maven) Sep 9, 2022
Font-Converter Vulnerable to Arbitrary Command Injection Critical
CVE-2022-21165 was published for font-converter (npm) Aug 29, 2022
Improper token validation leading to code execution in Teleport High
CVE-2022-36633 was published for github.com/gravitational/teleport (Go) Aug 25, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
ProTip! Advisories are also available from the GraphQL API