GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
124 advisories
Filter by severity
Passbolt Api Remote code execution
High
GHSA-cv5c-2qv5-w2m2
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
fuel/core ImageMagick driver does not escape all shell arguments.
High
GHSA-26hp-cgjj-m2j3
was published
for
fuel/core
(Composer)
May 15, 2024
sagemaker-python-sdk Command Injection vulnerability
High
CVE-2024-34073
was published
for
sagemaker
(pip)
May 3, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Arbitrary Code Execution in Gitea
High
CVE-2020-14144
was published
for
code.gitea.io/gitea
(Go)
Apr 22, 2024
tiagorlampert CHAOS vulnerable to command injections
High
CVE-2024-30850
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
High
CVE-2024-22423
was published
for
yt-dlp
(pip)
Apr 10, 2024
ansys-geometry-core OS Command Injection vulnerability
High
CVE-2024-29189
was published
for
ansys-geometry-core
(pip)
Mar 25, 2024
Nuclei allows unsigned code template execution through workflows
High
CVE-2024-27920
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Mar 15, 2024
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
High
CVE-2023-40581
was published
for
yt-dlp
(pip)
Sep 25, 2023
mlflow vulnerable to OS Command Injection
High
CVE-2023-4033
was published
for
mlflow
(pip)
Aug 1, 2023
1Panel command injection vulnerability in Firewall ip functionality
High
CVE-2023-37477
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2023
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
High
CVE-2023-35174
was published
for
livebook
(Erlang)
Jun 21, 2023
Remote code injection in wwbn/avideo
High
CVE-2023-30854
was published
for
wwbn/avideo
(Composer)
Apr 27, 2023
Sandbox bypass in Jenkins Script Security Plugin
High
CVE-2023-24422
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Jan 26, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
abacus-ext-cmdline vulnerable to Command Injection
High
CVE-2022-24431
was published
for
abacus-ext-cmdline
(npm)
Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25171
was published
for
p4
(npm)
Dec 20, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
High
CVE-2022-25912
was published
for
simple-git
(npm)
Dec 6, 2022
OS Command Injection in Apache Airflow
High
CVE-2022-41131
was published
for
apache-airflow-providers-apache-hive
(pip)
Nov 22, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs
High
CVE-2022-40127
was published
for
apache-airflow
(pip)
Nov 14, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI
High
CVE-2022-39327
was published
for
azure-cli
(pip)
Oct 25, 2022
Docker Command Escaping in the GitHub Actions Runner
High
CVE-2022-39321
was published
for
actions/runner
(GitHub Actions)
Oct 25, 2022
Snyk CLI affected by Command Injection vulnerability
High
CVE-2022-40764
was published
for
snyk
(npm)
Oct 4, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
ProTip!
Advisories are also available from the
GraphQL API