GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

316 advisories

fuel/core ImageMagick driver does not escape all shell arguments. High
GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) May 15, 2024
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
Arbitrary Code Execution in Gitea High
CVE-2020-14144 was published for code.gitea.io/gitea (Go) Apr 22, 2024
tiagorlampert CHAOS vulnerable to command injections High
CVE-2024-30850 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
LocalAI Command Injection in audioToWav Critical
CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) Apr 10, 2024
ansys-geometry-core OS Command Injection vulnerability High
CVE-2024-29189 was published for ansys-geometry-core (pip) Mar 25, 2024
RobPasMue
Nuclei allows unsigned code template execution through workflows High
CVE-2024-27920 was published for github.com/projectdiscovery/nuclei/v3 (Go) Mar 15, 2024
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime Moderate
CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) Mar 15, 2024
zhang-x-z
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download Critical
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
baserCMS OS command injection vulnerability in Installer Moderate
CVE-2023-51450 was published for baserproject/basercms (Composer) Feb 22, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
Foreman Transpilation Enables OS Command Injection Critical
CVE-2022-3874 was published for foreman (RubyGems) Sep 22, 2023 withdrawn
drewblas MH4GF
hoshinotsuyoshi fesplugas-drms olleolleolle evgeni mrnovalles aramprice
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023