GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
301 advisories
Filter by severity
Command Injection in create-choo-electron
Critical
CVE-2022-25908
was published
for
create-choo-electron
(npm)
Jan 26, 2023
Command injection in vagrant.js
Critical
CVE-2022-25962
was published
for
vagrant.js
(npm)
Jan 26, 2023
Command Injection in puppet-facter
High
CVE-2022-25350
was published
for
puppet-facter
(npm)
Jan 26, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Critical
CVE-2023-22884
was published
for
apache-airflow
(pip)
Jan 21, 2023
Froxlor vulnerable to Command Injection
High
CVE-2023-0315
was published
for
froxlor/froxlor
(Composer)
Jan 16, 2023
global-modules-path Command Injection vulnerability
Critical
CVE-2022-21191
was published
for
global-modules-path
(npm)
Jan 13, 2023
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
exec-local-bin vulnerable to Command Injection
Critical
CVE-2022-25923
was published
for
exec-local-bin
(npm)
Jan 6, 2023
window-control vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25926
was published
for
window-control
(npm)
Jan 4, 2023
Apache Kylin vulnerable to Command injection by Diagnosis Controller
Critical
CVE-2022-44621
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Dec 30, 2022
Apache Kylin vulnerable to Command injection by Useless configuration
High
CVE-2022-43396
was published
for
org.apache.kylin:kylin
(Maven)
Dec 30, 2022
Apache Airflow Hive Provider vulnerable to Command Injection
Critical
CVE-2022-46421
was published
for
apache-airflow-providers-apache-hive
(pip)
Dec 20, 2022
cycle-import-check vulnerable to Command Injection
Critical
CVE-2022-24377
was published
for
cycle-import-check
(npm)
Dec 14, 2022
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
Command injection in Apache DolphinScheduler Alert Plugins
Critical
CVE-2022-45462
was published
for
org.apache.dolphinscheduler:dolphinscheduler-alert-plugins
(Maven)
Nov 23, 2022
Powerline Gitstatus vulnerable to arbitrary code execution
High
CVE-2022-42906
was published
for
powerline-gitstatus
(pip)
Oct 13, 2022
NuProcess vulnerable to command-line injection through insertion of NUL character(s)
High
CVE-2022-39243
was published
for
com.zaxxer:nuprocess
(Maven)
Sep 30, 2022
PDFKit vulnerable to Command Injection
Critical
CVE-2022-25765
was published
for
pdfkit
(RubyGems)
Sep 10, 2022
Apache James vulnerable to buffering attack
High
CVE-2022-28220
was published
for
org.apache.james:james-server
(Maven)
Sep 9, 2022
Font-Converter Vulnerable to Arbitrary Command Injection
Critical
CVE-2022-21165
was published
for
font-converter
(npm)
Aug 29, 2022
Improper token validation leading to code execution in Teleport
High
CVE-2022-36633
was published
for
github.com/gravitational/teleport
(Go)
Aug 25, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
ProTip!
Advisories are also available from the
GraphQL API