GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

350 advisories

Command injection in Git package in Wrangler (Severity: High)
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in Rancher Git package (Severity: Moderate)
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
wifey vulnerable to Command Injection due to improper input sanitization (Severity: Critical)
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
docconv OS Command Injection vulnerability (Severity: Critical)
CVE-2022-4643 was published for code.sajari.com/docconv (Go) Dec 22, 2022
abacus-ext-cmdline vulnerable to Command Injection (Severity: High)
CVE-2022-24431 was published for abacus-ext-cmdline (npm) Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization (Severity: High)
CVE-2022-25171 was published for p4 (npm) Dec 20, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol (Severity: High)
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
Nadesiko3 OS Command Injection vulnerability (Severity: Critical)
CVE-2022-41642 was published for nadesiko3 (npm) Dec 5, 2022
nadesiko3 vulnerable to OS Command Injection (Severity: Critical)
CVE-2022-42496 was published for nadesiko3 (npm) Dec 5, 2022
Snyk plugins vulnerable to Command Injection (Severity: Moderate)
CVE-2022-22984 was published for @snyk/snyk-cocoapods-plugin (npm) Nov 30, 2022
OS Command Injection in Apache Airflow (Severity: Moderate)
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow (Severity: Critical)
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow (Severity: Critical)
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow (Severity: High)
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
Apache Airflow vulnerable to OS Command Injection via example DAGs (Severity: High)
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI (Severity: High)
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
Docker Command Escaping in the GitHub Actions Runner (Severity: High)
CVE-2022-39321 was published for actions/runner (GitHub Actions) Oct 25, 2022
Snyk CLI affected by Command Injection vulnerability (Severity: High)
CVE-2022-40764 was published for snyk (npm) Oct 4, 2022
XXL-JOB contains a Command execution vulnerability in background tasks (Severity: Critical)
CVE-2022-40929 was published for com.xuxueli:xxl-job-core (Maven) Sep 29, 2022
CrafterCMS OS Command Injection vulnerability (Severity: High)
CVE-2022-40635 was published for org.craftercms:craftercms (Maven) Sep 14, 2022
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources (Severity: High)
CVE-2022-40634 was published for org.craftercms:crafter-studio (Maven) Sep 14, 2022
Apache Hadoop argument injection vulnerability (Severity: Critical)
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
ffmpeg-sdk vulnerable to OS Command Injection (Severity: Critical)
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) (Severity: Critical)
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022