Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,867
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

50 advisories

OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
OS Command Injection in bikeshed High
CVE-2021-23422 was published for bikeshed (pip) Aug 30, 2021
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
Code injection in `saved_model_cli` High
CVE-2021-41228 was published for tensorflow (pip) Nov 10, 2021
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
OS Command injection in Apache Airflow High
CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
Code Injection in SLO Generator Moderate
CVE-2021-22557 was published for slo-generator (pip) Oct 5, 2021
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
Pillow command injection High
CVE-2014-3007 was published for pillow (pip) May 17, 2022
OS Command Injection in cookiecutter High
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs High
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
OS Command Injection in ansible High
CVE-2020-1734 was published for ansible (pip) Feb 9, 2022
IPython vulnerable to command injection via set_term_title Moderate
CVE-2023-24816 was published for IPython (pip) Feb 10, 2023
Gerapy < 0.9.8 may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
conference-scheduler-cli Arbitrary Code Execution High
CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
Code injection in nbgitpuller High
CVE-2021-39160 was published for nbgitpuller (pip) Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API