Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

398 advisories

Loading
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
gix-transport code execution vulnerability Moderate
CVE-2023-53158 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
Foreman Transpilation Enables OS Command Injection Critical
CVE-2022-3874 was published for foreman (RubyGems) Sep 22, 2023 withdrawn
drewblas MH4GF
hoshinotsuyoshi fesplugas-drms olleolleolle evgeni mrnovalles aramprice
pgAdmin failed to properly control the server code Moderate
CVE-2023-5002 was published for pgadmin4 (pip) Sep 22, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-38208 was published for magento/community-edition (Composer) Aug 9, 2023
mlflow vulnerable to OS Command Injection High
CVE-2023-4033 was published for mlflow (pip) Aug 1, 2023
Command injection in PaddlePaddle Critical
CVE-2023-38673 was published for paddlepaddle (pip) Jul 26, 2023
1Panel command injection vulnerability in Firewall ip functionality High
CVE-2023-37477 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2023
Malayke amascia-gg
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37903 was published for vm2 (npm) Jul 13, 2023
leesh3288
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Apache Kylin vulnerable to remote code execution Critical
CVE-2022-24697 was published for org.apache.kylin:kylin-core-common (Maven) Jul 6, 2023
git-commit-info vulnerable to Command Injection High
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
dsimk
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows High
CVE-2023-35174 was published for livebook (Erlang) Jun 21, 2023
maple3142
Langchain OS Command Injection vulnerability Critical
CVE-2023-34540 was published for langchain (pip) Jun 14, 2023
Brook's tproxy server is vulnerable to a drive-by command injection. Critical
CVE-2023-33965 was published for github.com/txthinking/brook (Go) Jun 6, 2023
pwntester
Dolibarr vulnerable to remote code execution via uppercase manipulation High
CVE-2023-30253 was published for dolibarr/dolibarr (Composer) May 29, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
Command injection in OpenTSDB Critical
CVE-2023-25826 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database