GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Markdown-supplied Shell Command Execution
Critical
CVE-2020-15271
was published
for
lookatme
(pip)
Oct 27, 2020
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
Mercurial is vulnerable to shell injection attack
Critical
CVE-2017-1000116
was published
for
mercurial
(pip)
May 13, 2022
Mercurial vulnerable to arbitrary code injection
Critical
CVE-2017-17458
was published
for
mercurial
(pip)
May 13, 2022
IPython vulnerable to command injection via set_term_title
Low
CVE-2023-24816
was published
for
ipython
(pip)
Feb 10, 2023
An authenticated user can execute arbitrary command in Gerapy
High
CVE-2021-32849
was published
for
gerapy
(pip)
Jan 6, 2022
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
AutoGPT bypass of the shell commands denylist settings
Critical
CVE-2024-6091
was published
for
agpt
(pip)
Sep 11, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
conference-scheduler-cli Arbitrary Code Execution
High
CVE-2018-14572
was published
for
conference-scheduler-cli
(pip)
Oct 29, 2018
OS Command Injection in cookiecutter
High
CVE-2022-24065
was published
for
cookiecutter
(pip)
Jun 9, 2022
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
OS Command injection in Apache Airflow
High
CVE-2022-24288
was published
for
apache-airflow
(pip)
Feb 26, 2022
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote code execution (RCE) in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Apache Airflow vulnerable to OS Command Injection via example DAGs
High
CVE-2022-40127
was published
for
apache-airflow
(pip)
Nov 14, 2022
OS Command Injection and Improper Input Validation in ansible
High
CVE-2019-14904
was published
for
ansible
(pip)
Apr 20, 2021
Apache Superset OS Command Injection
High
CVE-2020-13948
was published
for
apache-superset
(pip)
May 24, 2022
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API