Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Kubernetes Arbitrary Command Injection Moderate
CVE-2018-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Command injection in github.com/google/fscrypt Moderate
CVE-2022-25328 was published for github.com/google/fscrypt (Go) Feb 26, 2022
Code injection in Stripe CLI on windows High
CVE-2022-24753 was published for github.com/stripe/stripe-cli (Go) Mar 10, 2022
Command Injection in CasaOS Critical
CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) Mar 11, 2022
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
OS Command Injection in gogs Critical
CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022
unicorn-security-team
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
docconv OS Command Injection vulnerability Critical
CVE-2022-4643 was published for code.sajari.com/docconv (Go) Dec 22, 2022
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Gogs OS Command Injection vulnerability Critical
CVE-2022-2024 was published for gogs.io/gogs (Go) Feb 28, 2023
cokeBeer
Brook's tproxy server is vulnerable to a drive-by command injection. Critical
CVE-2023-33965 was published for github.com/txthinking/brook (Go) Jun 6, 2023
pwntester
1Panel command injection vulnerability in Firewall ip functionality High
CVE-2023-37477 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2023
Malayke amascia-gg
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime Moderate
CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) Mar 15, 2024
zhang-x-z
Nuclei allows unsigned code template execution through workflows High
CVE-2024-27920 was published for github.com/projectdiscovery/nuclei/v3 (Go) Mar 15, 2024
LocalAI Command Injection in audioToWav Critical
CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) Apr 10, 2024
tiagorlampert CHAOS vulnerable to command injections High
CVE-2024-30850 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
Arbitrary Code Execution in Gitea High
CVE-2020-14144 was published for code.gitea.io/gitea (Go) Apr 22, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
ProTip! Advisories are also available from the GraphQL API