GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
OS Command Injection in cookiecutter
Critical
CVE-2022-24065
was published
for
cookiecutter
(pip)
Jun 9, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-40189
was published
for
apache-airflow
(pip)
Nov 22, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Command injection in PaddlePaddle
Critical
CVE-2023-38673
was published
for
paddlepaddle
(pip)
Jul 26, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Ray OS Command Injection vulnerability
Critical
CVE-2023-6019
was published
for
ray
(pip)
Nov 16, 2023
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
CVE-2024-0815
was published
for
paddlepaddle
(pip)
Mar 7, 2024
AutoGPT bypass of the shell commands denylist settings
Critical
CVE-2024-6091
was published
for
agpt
(pip)
Sep 11, 2024
ProTip!
Advisories are also available from the
GraphQL API