GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

383 advisories

Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled (Critical)
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024. Credited: akues-an

MantisBT Remote Code Execution (High)
CVE-2019-15715 was published for mantisbt/mantisbt (Composer) May 24, 2022

LLama-Index CLI OS command injection vulnerability (High)
CVE-2025-1753 was published for llama-index-cli (pip) May 28, 2025

Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` (Critical)
GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025. Credited: darryk10, loresuso, AlbertoPellitteri

Insufficient input sanitization in ejson2env (Moderate)
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025. Credited: thepwagner, alexhope61, rj-coleman, Owen-Cummings

The Backup Plus extension for TYPO3 (ns_backup) allows command injections (Moderate)
CVE-2025-48204 was published for nitsan/ns-backup (Composer) May 21, 2025

Apache Kylin vulnerable to remote code execution (Critical)
CVE-2022-24697 was published for org.apache.kylin:kylin-core-common (Maven) Jul 6, 2023

motionEye vulnerable to RCE in add_camera function due to unsafe command execution (High)
CVE-2025-47782 was published for motioneye (pip) May 15, 2025. Credited: hyperlyz, MichaIng

AWorld OS Command Injection vulnerability (Low)
CVE-2025-4032 was published for aworld (pip) Apr 28, 2025

OPA server Data API HTTP path injection of Rego (High)
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025. Credited: GamrayW, HyouKash, AdrienIT

snyk Code Injection vulnerability (High)
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023

YoutubeDLSharp allows command injection on Windows systems due to non-sanitized arguments (Critical)
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025. Credited: kitsumed, alxnull

cycle-import-check vulnerable to Command Injection (Critical)
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022

Whoogle allows attackers to execute arbitrary code via supplying a crafted search query (High)
CVE-2024-53305 was published for whoogle-search (pip) Apr 16, 2025

Elasticsearch Logstash allows remote attackers to execute arbitrary commands (High)
CVE-2014-4326 was published for logstash (RubyGems) May 14, 2022. Credited: postmodern, tdeo

Duplicate Advisory: D-Tale Command Injection vulnerability (Critical, withdrawn)
CVE-2025-0655 was published for dtale (pip) Mar 20, 2025

Drupal AI Vulnerable to OS Command Injection (Moderate)
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025

Neo4J vulnerable to Cross-Site Request Forgery (High)
CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022

exec-local-bin vulnerable to Command Injection (Critical)
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023

Improper Control of Generation of Code ('Code Injection') in Azure CLI (High)
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022

global-modules-path Command Injection vulnerability (Critical)
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023

jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" (High)
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025. Credited: dlqqq, rpwagner, krassowski

Drupal AI Vulnerable to OS Command Injection via Optional Automator Types (Moderate)
CVE-2025-31692 was published for drupal/ai (Composer) Apr 1, 2025

Command Injection in puppet-facter (High)
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023