Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,987
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

30 advisories

1Panel arbitrary file write vulnerability Moderate
CVE-2024-34352 was published for github.com/1Panel-dev/1Panel (Go) May 9, 2024
an5er
dcnnt-py is vulnerable to command injection via Notification Handler Moderate
CVE-2023-1000 was published for dcnnt (pip) Apr 27, 2024
gix-transport indirect code execution via malicious username Moderate
CVE-2024-32884 was published for gitoxide (Rust) Apr 15, 2024
EliahKagan
1Panel is vulnerable to command injection Moderate
CVE-2024-2352 was published for github.com/1Panel-dev/1Panel (Go) Mar 10, 2024
Command Injection in pip when used with Mercurial Moderate
CVE-2023-5752 was published for pip (pip) Oct 25, 2023
mwpeterson
ScanCode.io command injection in docker image fetch process Moderate
CVE-2023-39523 was published for scancodeio (pip) Aug 9, 2023
0xmpij
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2022-43695 was published for concrete5/concrete5 (Composer) Jul 6, 2023
1Panel vulnerable to command injection when entering the container terminal Moderate
CVE-2023-36458 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Malayke
1Panel vulnerable to command injection when adding container repositories Moderate
CVE-2023-36457 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Microweber vulnerable to command injection Moderate
CVE-2023-1877 was published for microweber/microweber (Composer) Apr 5, 2023
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
sharp vulnerable to Command Injection in post-installation over build environment Moderate
CVE-2022-29256 was published for sharp (npm) Jun 1, 2022
dwisiswant0
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
Command injection in strapi Moderate
CVE-2022-0764 was published for strapi (npm) Feb 27, 2022
Command Injection in Apache Kylin Moderate
CVE-2021-45456 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
Argument injection in lettre Moderate
CVE-2020-28247 was published for lettre (Rust) Aug 25, 2021
vin01
Data races in noise_search Moderate
CVE-2020-36461 was published for noise_search (Rust) Aug 25, 2021
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Arbitrary command execution in roar-pidusage Moderate
CVE-2021-23380 was published for roar-pidusage (npm) May 6, 2021
Arbitrary code execution in kill-by-port Moderate
CVE-2021-23363 was published for kill-by-port (npm) Apr 13, 2021
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
Command Injection in wxchangba Moderate
GHSA-j6v9-xgvh-f796 was published for wxchangba (npm) Sep 11, 2020
ProTip! Advisories are also available from the GraphQL API