GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
50 advisories
OS Command Injection and Improper Input Validation in ansible
Severity: High. CVE-2019-14904 was published for ansible (pip) on Apr 20, 2021

OS Command Injection in Apache Airflow
Severity: Critical. CVE-2022-40189 was published for apache-airflow (pip) on Nov 22, 2022

Code injection in `saved_model_cli`
Severity: High. CVE-2021-41228 was published for tensorflow (pip) on Nov 10, 2021

An authenticated user can execute arbitrary command in Gerapy
Severity: High. CVE-2021-32849 was published for gerapy (pip) on Jan 6, 2022

OS Command injection in Apache Airflow
Severity: High. CVE-2022-24288 was published for apache-airflow (pip) on Feb 26, 2022

Code Injection in SLO Generator
Severity: Moderate. CVE-2021-22557 was published for slo-generator (pip) on Oct 5, 2021

OS Command Injection in Apache Airflow
Severity: High. CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) on Nov 22, 2022

Improper Control of Generation of Code ('Code Injection') in Azure CLI
Severity: High. CVE-2022-39327 was published for azure-cli (pip) on Oct 25, 2022

OS Command Injection in cookiecutter
Severity: High. CVE-2022-24065 was published for cookiecutter (pip) on Jun 9, 2022

OS Command Injection in Apache Airflow
Severity: Moderate. CVE-2022-40954 was published for apache-airflow (pip) on Nov 22, 2022

ClusterLabs crmsh vulnerable to shell code injection
Severity: High. CVE-2020-35459 was published for crmsh (pip) on May 24, 2022

Apache Spark UI can allow impersonation if ACLs enabled
Severity: High. CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) on Jul 19, 2022

Apache Airflow vulnerable to OS Command Injection via example DAGs
Severity: High. CVE-2022-40127 was published for apache-airflow (pip) on Nov 14, 2022

IPython vulnerable to command injection via set_term_title
Severity: Moderate. CVE-2023-24816 was published for IPython (pip) on Feb 10, 2023

Gerapy < 0.9.8 may cause remote code execution
Severity: Critical. CVE-2021-43857 was published for gerapy (pip) on Jan 6, 2022

conference-scheduler-cli Arbitrary Code Execution
Severity: High. CVE-2018-14572 was published for conference-scheduler-cli (pip) on Oct 29, 2018

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Severity: Critical. CVE-2021-21386 was published for APKLeaks (pip) on Jan 21, 2022

Markdown-supplied Shell Command Execution
Severity: Critical. CVE-2020-15271 was published for lookatme (pip) on Oct 27, 2020

ProTip! Advisories are also available from the GraphQL API.