GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
154 advisories
Filter by severity
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
discordrb OS Command Injection vulnerability
Critical
CVE-2023-28102
was published
for
discordrb
(RubyGems)
Mar 14, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
CVE-2024-0815
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
Ray OS Command Injection vulnerability
Critical
CVE-2023-6019
was published
for
ray
(pip)
Nov 16, 2023
Foreman Transpilation Enables OS Command Injection
Critical
CVE-2022-3874
was published
for
foreman
(RubyGems)
Sep 22, 2023
•
withdrawn
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Command injection in PaddlePaddle
Critical
CVE-2023-38673
was published
for
paddlepaddle
(pip)
Jul 26, 2023
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Brook's tproxy server is vulnerable to a drive-by command injection.
Critical
CVE-2023-33965
was published
for
github.com/txthinking/brook
(Go)
Jun 6, 2023
Command injection in OpenTSDB
Critical
CVE-2023-25826
was published
for
net.opentsdb:opentsdb
(Maven)
May 3, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical
GHSA-wj6r-53f5-q789
was published
for
wwbn/avideo
(Composer)
Apr 25, 2023
•
withdrawn
Gogs OS Command Injection vulnerability
Critical
CVE-2022-2024
was published
for
gogs.io/gogs
(Go)
Feb 28, 2023
nemo-appium vulnerable to OS Command Injection
Critical
CVE-2022-21129
was published
for
nemo-appium
(npm)
Jan 31, 2023
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
docconv OS Command Injection vulnerability
Critical
CVE-2022-4643
was published
for
code.sajari.com/docconv
(Go)
Dec 22, 2022
Nadesiko3 OS Command Injection vulnerability
Critical
CVE-2022-41642
was published
for
nadesiko3
(npm)
Dec 5, 2022
ProTip!
Advisories are also available from the
GraphQL API