Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

378 advisories

Loading
pydash Command Injection vulnerability Critical
CVE-2023-26145 was published for pydash (pip) Sep 28, 2023
systeminformation SSID Command Injection Vulnerability Critical
CVE-2023-42810 was published for systeminformation (npm) Sep 21, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
ScanCode.io command injection in docker image fetch process Moderate
CVE-2023-39523 was published for scancodeio (pip) Aug 9, 2023
0xmpij
Credited to 0xmpij
.NET Remote Code Execution Vulnerability High
CVE-2023-35390 was published for Microsoft.NET.Build.Containers (NuGet) Aug 9, 2023
RaspAP Command Injection vulnerability High
CVE-2022-39987 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
Credited to MarkLee131
RaspAP Command Injection vulnerability Critical
CVE-2022-39986 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
Credited to MarkLee131
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
Credited to ymuraki-csc, danielfernandez, and Subrhamanya
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2022-43695 was published for concrete5/concrete5 (Composer) Jul 6, 2023
Apache Kylin vulnerable to remote code execution Critical
CVE-2022-24697 was published for org.apache.kylin:kylin-core-common (Maven) Jul 6, 2023
1Panel vulnerable to command injection when entering the container terminal Moderate
CVE-2023-36458 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Malayke
Credited to Malayke
1Panel vulnerable to command injection when adding container repositories Moderate
CVE-2023-36457 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
git-commit-info vulnerable to Command Injection High
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
dsimk
Credited to dsimk
jcvi vulnerable to Configuration Injection due to unsanitized user input High
CVE-2023-35932 was published for jcvi (pip) Jun 23, 2023
Sim4n6
Credited to Sim4n6
RaspAP raspap-webgui Command Injection vulnerability High
CVE-2023-30260 was published for billz/raspap-webgui (Composer) Jun 23, 2023
Snowflake NodeJS Driver vulnerable to Command Injection High
CVE-2023-34232 was published for snowflake-sdk (npm) Jun 9, 2023
Snowflake Golang Driver vulnerable to Command Injection High
CVE-2023-34231 was published for github.com/snowflakedb/gosnowflake (Go) Jun 9, 2023
Snowflake Python Connector vulnerable to Command Injection High
CVE-2023-34233 was published for snowflake-connector-python (pip) Jun 9, 2023
Snowflake Connector .Net Command Injection High
CVE-2023-34230 was published for Snowflake.Data (NuGet) Jun 9, 2023
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
WWBN AVideo command injection vulnerability High
CVE-2023-32073 was published for wwbn/avideo (Composer) May 12, 2023
jmrcsnchz
Credited to jmrcsnchz
Improper input validation in github.com/gin-gonic/gin Moderate
CVE-2023-26125 was published for github.com/gin-gonic/gin (Go) May 4, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database