GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem (count):
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,014
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,393
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36

Unreviewed advisories:
All unreviewed: 5,000+
137 advisories matched the current filter. Entries listed on this page:

Title | Severity | Identifier | Package (ecosystem) | Published
mlflow vulnerable to OS Command Injection | High | CVE-2023-4033 | mlflow (pip) | Aug 1, 2023
LLama Factory Remote OS Command Injection Vulnerability | High | CVE-2024-52803 | llamafactory (pip) | Nov 21, 2024
Apache Spark UI can allow impersonation if ACLs enabled | High | CVE-2022-33891 | org.apache.spark:spark-parent_2.12 (Maven) | Jul 19, 2022
Zoraxy has an authenticated command injection in the Web SSH feature | High | CVE-2024-52010 | github.com/tobychui/zoraxy (Go) | Nov 12, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users | High | CVE-2024-39943 | hfs (npm) | Jul 5, 2024
Plenti arbitrary file write vulnerability | High | CVE-2024-49380 | github.com/plentico/plenti (Go) | Oct 31, 2024
git-commit-info vulnerable to Command Injection | High | CVE-2023-26134 | git-commit-info (npm) | Jun 28, 2023
OS Command Injection in Snyk gradle plugin | High | CVE-2024-48964 | snyk-gradle-plugin (npm) | Oct 23, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API | High | CVE-2024-47821 | pyload-ng (pip) | Oct 28, 2024
OS Command Injection in Snyk php plugin | High | CVE-2024-48963 | snyk-php-plugin (npm) | Oct 23, 2024
SaltStack Salt command injection via a crafted process name | High | CVE-2020-28243 | salt (pip) | May 24, 2022
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source | High | GHSA-fm76-w8jw-xf8m | @saltcorn/plugins-loader (npm) | Oct 3, 2024
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script | High | CVE-2023-38886 | dolibarr/dolibarr (Composer) | Sep 20, 2023
An authenticated user can execute arbitrary command in Gerapy | High | CVE-2021-32849 | gerapy (pip) | Jan 6, 2022
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands | High | CVE-2024-41815 | starship (Rust) | Jul 26, 2024
conference-scheduler-cli Arbitrary Code Execution | High | CVE-2018-14572 | conference-scheduler-cli (pip) | Oct 29, 2018
OS Command injection in Apache Airflow | High | CVE-2022-24288 | apache-airflow (pip) | Feb 26, 2022
Remote code execution (RCE) in Apache Airflow | High | CVE-2020-11978 | apache-airflow (pip) | Jul 27, 2020
Apache Airflow vulnerable to OS Command Injection via example DAGs | High | CVE-2022-40127 | apache-airflow (pip) | Nov 14, 2022
OS Command Injection and Improper Input Validation in ansible | High | CVE-2019-14904 | ansible (pip) | Apr 20, 2021