Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

Loading
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
Gerapy may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
Mercurial vulnerable to arbitrary code injection Critical
CVE-2017-17458 was published for mercurial (pip) May 13, 2022
Mercurial is vulnerable to shell injection attack Critical
CVE-2017-1000116 was published for mercurial (pip) May 13, 2022
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
Pillow command injection Critical
CVE-2014-3007 was published for pillow (pip) May 17, 2022
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
OS Command Injection in cookiecutter Critical
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
Langchain OS Command Injection vulnerability Critical
CVE-2023-34540 was published for langchain (pip) Jun 14, 2023
Command injection in PaddlePaddle Critical
CVE-2023-38673 was published for paddlepaddle (pip) Jul 26, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183 mberges21
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download Critical
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
AutoGPT bypass of the shell commands denylist settings Critical
CVE-2024-6091 was published for agpt (pip) Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API