Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

137 advisories

Loading
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Zoraxy has an authenticated command injection in the Web SSH feature High
CVE-2024-52010 was published for github.com/tobychui/zoraxy (Go) Nov 12, 2024
n-thumann
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API High
CVE-2024-47821 was published for pyload-ng (pip) Oct 28, 2024
anuraagbaishya
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests High
CVE-2024-41956 was published for github.com/charmbracelet/soft-serve (Go) Aug 2, 2024
caarlos0 aymanbagabas
hdm deadpixi
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
hyperreality
projectdiscovery/nuclei allows unsigned code template execution through workflows High
CVE-2024-40641 was published for github.com/projectdiscovery/nuclei/v3 (Go) Jul 17, 2024
Ovi3
rejetto HFS vulnerable to OS Command Execution by remote authenticated users High
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
Passbolt Api Remote code execution High
GHSA-cv5c-2qv5-w2m2 was published for passbolt/passbolt_api (Composer) May 20, 2024
fuel/core ImageMagick driver does not escape all shell arguments. High
GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) May 15, 2024
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Arbitrary Code Execution in Gitea High
CVE-2020-14144 was published for code.gitea.io/gitea (Go) Apr 22, 2024
tiagorlampert CHAOS vulnerable to command injections High
CVE-2024-30850 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
ansys-geometry-core OS Command Injection vulnerability High
CVE-2024-29189 was published for ansys-geometry-core (pip) Mar 25, 2024
RobPasMue
Nuclei allows unsigned code template execution through workflows High
CVE-2024-27920 was published for github.com/projectdiscovery/nuclei/v3 (Go) Mar 15, 2024
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
mlflow vulnerable to OS Command Injection High
CVE-2023-4033 was published for mlflow (pip) Aug 1, 2023
ProTip! Advisories are also available from the GraphQL API