Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,605
Erlang
29
GitHub Actions
16
Go
1,695
Maven
4,936
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

50 advisories

sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581) High
CVE-2024-22423 was published for yt-dlp (pip) Apr 10, 2024
Ry0taK Grub4K
pukkandan
ansys-geometry-core OS Command Injection vulnerability High
CVE-2024-29189 was published for ansys-geometry-core (pip) Mar 25, 2024
RobPasMue
PaddlePaddle command injection in paddle.utils.download._wget_download Critical
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
mlflow vulnerable to OS Command Injection High
CVE-2023-4033 was published for mlflow (pip) Aug 1, 2023
Command injection in PaddlePaddle Critical
CVE-2023-38673 was published for paddlepaddle (pip) Jul 26, 2023
Langchain OS Command Injection vulnerability Critical
CVE-2023-34540 was published for langchain (pip) Jun 14, 2023
IPython vulnerable to command injection via set_term_title Moderate
CVE-2023-24816 was published for IPython (pip) Feb 10, 2023
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
Apache Airflow vulnerable to OS Command Injection via example DAGs High
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
OS Command Injection in cookiecutter High
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
Apache Superset OS Command Injection High
CVE-2020-13948 was published for apache-superset (pip) May 24, 2022
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API