GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
325 advisories
Filter by severity
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
OS Command Injection in cookiecutter
High
CVE-2022-24065
was published
for
cookiecutter
(pip)
Jun 9, 2022
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
OS Command injection in Apache Airflow
High
CVE-2022-24288
was published
for
apache-airflow
(pip)
Feb 26, 2022
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote code execution (RCE) in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Apache Airflow vulnerable to OS Command Injection via example DAGs
High
CVE-2022-40127
was published
for
apache-airflow
(pip)
Nov 14, 2022
OS Command Injection and Improper Input Validation in ansible
High
CVE-2019-14904
was published
for
ansible
(pip)
Apr 20, 2021
Nuclei Template Signature Verification Bypass
High
CVE-2024-43405
was published
for
github.com/projectdiscovery/nuclei
(Go)
Sep 4, 2024
Apache Superset OS Command Injection
High
CVE-2020-13948
was published
for
apache-superset
(pip)
May 24, 2022
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
Nuclei allows unsigned code template execution through workflows
High
CVE-2024-27920
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Mar 15, 2024
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
High
CVE-2024-41956
was published
for
github.com/charmbracelet/soft-serve
(Go)
Aug 2, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
projectdiscovery/nuclei allows unsigned code template execution through workflows
High
CVE-2024-40641
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Jul 17, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
Command Injection Vulnerability
High
CVE-2021-21315
was published
for
systeminformation
(npm)
Feb 16, 2021
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
ProTip!
Advisories are also available from the
GraphQL API