GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Critical
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
discordrb OS Command Injection vulnerability
Critical
CVE-2023-28102
was published
for
discordrb
(RubyGems)
Mar 14, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
CVE-2024-0815
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
Ray OS Command Injection vulnerability
Critical
CVE-2023-6019
was published
for
ray
(pip)
Nov 16, 2023
Foreman Transpilation Enables OS Command Injection
Critical
CVE-2022-3874
was published
for
foreman
(RubyGems)
Sep 22, 2023
•
withdrawn
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Command injection in PaddlePaddle
Critical
CVE-2023-38673
was published
for
paddlepaddle
(pip)
Jul 26, 2023
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Brook's tproxy server is vulnerable to a drive-by command injection.
Critical
CVE-2023-33965
was published
for
github.com/txthinking/brook
(Go)
Jun 6, 2023
Command injection in OpenTSDB
Critical
CVE-2023-25826
was published
for
net.opentsdb:opentsdb
(Maven)
May 3, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical
GHSA-wj6r-53f5-q789
was published
for
wwbn/avideo
(Composer)
Apr 25, 2023
•
withdrawn
Gogs OS Command Injection vulnerability
Critical
CVE-2022-2024
was published
for
gogs.io/gogs
(Go)
Feb 28, 2023
nemo-appium vulnerable to OS Command Injection
Critical
CVE-2022-21129
was published
for
nemo-appium
(npm)
Jan 31, 2023
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
ProTip!
Advisories are also available from the
GraphQL API