GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
160 advisories
Filter by severity
OS Command Injection in cookiecutter
Critical
CVE-2022-24065
was published
for
cookiecutter
(pip)
Jun 9, 2022
LibreNMS has an Authenticated OS Command Injection
Critical
CVE-2024-51092
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
OS Command Injection in Plexus-utils
Critical
CVE-2017-1000487
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
May 13, 2022
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
AutoGPT bypass of the shell commands denylist settings
Critical
CVE-2024-6091
was published
for
agpt
(pip)
Sep 11, 2024
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Critical
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
docconv OS Command Injection vulnerability
Critical
CVE-2022-4643
was published
for
code.sajari.com/docconv
(Go)
Dec 22, 2022
XXL-JOB contains a Command execution vulnerability in background tasks
Critical
CVE-2022-40929
was published
for
com.xuxueli:xxl-job-core
(Maven)
Sep 29, 2022
ProTip!
Advisories are also available from the
GraphQL API