GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
AutoGPT bypass of the shell commands denylist settings
Critical
CVE-2024-6091
was published
for
agpt
(pip)
Sep 11, 2024
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
tiagorlampert CHAOS vulnerable to arbitrary code execution
Critical
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
docconv OS Command Injection vulnerability
Critical
CVE-2022-4643
was published
for
code.sajari.com/docconv
(Go)
Dec 22, 2022
XXL-JOB contains a Command execution vulnerability in background tasks
Critical
CVE-2022-40929
was published
for
com.xuxueli:xxl-job-core
(Maven)
Sep 29, 2022
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Critical
GHSA-2c83-wfv3-q25f
was published
for
rebber
(npm)
Sep 7, 2021
Codiad Vulnerable to Shell Command Injection
Critical
CVE-2017-11366
was published
for
codiad/codiad
(Composer)
May 13, 2022
Akeneo PIM vulnerable to shell injection in the mass edition
Critical
CVE-2017-1000009
was published
for
akeneo/pim-community-dev
(Composer)
May 13, 2022
LibreNMS arbitrary OS commands execution
Critical
CVE-2018-20434
was published
for
librenms/librenms
(Composer)
May 24, 2022
php-shellcommand command injection vulnerability
Critical
CVE-2019-10774
was published
for
mikehaertl/php-shellcommand
(Composer)
May 24, 2022
Treekill Enables OS Command Injection
Critical
CVE-2019-15598
was published
for
tree-kill
(npm)
May 24, 2022
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API