Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

314 advisories

Loading
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
Donfig Command Injection in collect_yaml method Critical
CVE-2019-7537 was published for donfig (pip) May 14, 2022
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands High
CVE-2024-41815 was published for starship (Rust) Jul 26, 2024
evanbattaglia
LoLLMS Command Injection vulnerability High
CVE-2024-4078 was published for lollms (pip) May 16, 2024
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
Command Injection in Cobbler High
CVE-2021-45082 was published for cobbler (pip) Feb 20, 2022
Ansible fails to properly sanitize fact variables sent from the Ansible controller Critical
CVE-2016-8628 was published for ansible (pip) Oct 10, 2018
FitNesse allows execution of arbitrary OS commands Critical
CVE-2024-28125 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
CasaOS Command Injection vulnerability High
CVE-2023-37469 was published for github.com/IceWhaleTech/CasaOS (Go) Aug 5, 2024
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
fdiakh
Vanna prompt injection code execution High
CVE-2024-5565 was published for vanna (pip) May 31, 2024
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation High
CVE-2024-6257 was published for github.com/hashicorp/go-getter (Go) Jun 25, 2024
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
Command Injection in pip when used with Mercurial Moderate
CVE-2023-5752 was published for pip (pip) Oct 25, 2023
mwpeterson
Withdrawn: Runc allows an arbitrary systemd property to be injected High
GHSA-c5pj-mqfh-rvc3 was published for github.com/opencontainers/runc (Go) Apr 26, 2024 withdrawn
AkihiroSuda
Azure Identity SDK Remote Code Execution Vulnerability High
CVE-2023-36414 was published for Azure.Identity (NuGet) Oct 10, 2023
scottaddie
.NET Remote Code Execution Vulnerability High
CVE-2023-35390 was published for Microsoft.NET.Build.Containers (NuGet) Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API