Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
The Backup Plus extension for TYPO3 (ns_backup) allows command injections Moderate
CVE-2025-48204 was published for nitsan/ns-backup (Composer) May 21, 2025
Drupal AI Vulnerable to OS Command Injection Moderate
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types Moderate
CVE-2025-31692 was published for drupal/ai (Composer) Apr 1, 2025
pgAdmin failed to properly control the server code Moderate
CVE-2023-5002 was published for pgadmin4 (pip) Sep 22, 2023
Code injection in `saved_model_cli` Moderate
CVE-2021-41228 was published for tensorflow (pip) Nov 10, 2021
Code Injection in SLO Generator Moderate
CVE-2021-22557 was published for slo-generator (pip) Oct 5, 2021
Nuclei Template Signature Verification Bypass Moderate
CVE-2024-43405 was published for github.com/projectdiscovery/nuclei/v3 (Go) Sep 4, 2024
GuyGoldenberg
ggit is vulnerable to Command Injection via the fetchTags(branch) API Moderate
CVE-2024-21532 was published for ggit (npm) Oct 8, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime Moderate
CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) Mar 15, 2024
zhang-x-z
baserCMS OS command injection vulnerability in Installer Moderate
CVE-2023-51450 was published for baserproject/basercms (Composer) Feb 22, 2024
Reflected XSS in SilverStripe Moderate
CVE-2019-19325 was published for silverstripe/framework (Composer) Feb 24, 2020
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
Cocaine Gem OS Command Injection vulnerability Moderate
CVE-2013-4457 was published for cocaine (RubyGems) Oct 24, 2017
Kubernetes Arbitrary Command Injection Moderate
CVE-2018-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
OS Command Injection in Rake Moderate
CVE-2020-8130 was published for rake (RubyGems) Feb 28, 2020
Snyk plugins vulnerable to Command Injection Moderate
CVE-2022-22984 was published for @snyk/snyk-cocoapods-plugin (npm) Nov 30, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
sharp vulnerable to Command Injection in post-installation over build environment Moderate
CVE-2022-29256 was published for sharp (npm) Jun 1, 2022
dwisiswant0
Exposure of home directory through shescape on Unix with Bash Moderate
CVE-2022-24725 was published for shescape (npm) Mar 3, 2022
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Command injection in github.com/google/fscrypt Moderate
CVE-2022-25328 was published for github.com/google/fscrypt (Go) Feb 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database