GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
138 advisories
Filter by severity
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical
CVE-2024-9264
was published
for
github.com/grafana/grafana
(Go)
Oct 18, 2024
Command Injection in sequenceserver
Critical
CVE-2024-42360
was published
for
sequenceserver
(RubyGems)
Aug 13, 2024
CasaOS Command Injection vulnerability
Critical
CVE-2023-37469
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Aug 5, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Vanna prompt injection code execution
Critical
CVE-2024-5565
was published
for
vanna
(pip)
May 31, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Critical
CVE-2024-5023
was published
for
consoleme
(pip)
May 16, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
llama-index-core Command Injection vulnerability
Critical
CVE-2024-3271
was published
for
llama-index-core
(pip)
Apr 16, 2024
FitNesse allows execution of arbitrary OS commands
Critical
CVE-2024-28125
was published
for
org.fitnesse:fitnesse
(Maven)
Mar 18, 2024
PaddlePaddle command injection vulnerability
Critical
CVE-2024-0817
was published
for
paddlepaddle
(pip)
Mar 7, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
Apache StreamPark: Authenticated system users could trigger remote command execution
Critical
CVE-2023-49898
was published
for
org.apache.streampark:streampark
(Maven)
Dec 15, 2023
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Critical
CVE-2023-6572
was published
for
gradio
(pip)
Dec 14, 2023
openssl npm package vulnerable to command execution
Critical
CVE-2023-49210
was published
for
openssl
(npm)
Nov 23, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
pydash Command Injection vulnerability
Critical
CVE-2023-26145
was published
for
pydash
(pip)
Sep 28, 2023
systeminformation SSID Command Injection Vulnerability
Critical
CVE-2023-42810
was published
for
systeminformation
(npm)
Sep 21, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
RaspAP Command Injection vulnerability
Critical
CVE-2022-39986
was published
for
billz/raspap-webgui
(Composer)
Aug 1, 2023
Apache Kylin vulnerable to remote code execution
Critical
CVE-2022-24697
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 6, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
Remote code execution in broccoli-compass
Critical
CVE-2023-27848
was published
for
broccoli-compass
(npm)
Apr 24, 2023
Remote code execution in dawnsparks-node-tesseract
Critical
CVE-2023-29566
was published
for
dawnsparks-node-tesseract
(npm)
Apr 24, 2023
stoqey/gnuplot is vulnerable to command injection
Critical
CVE-2021-33360
was published
for
@stoqey/gnuplot
(npm)
Mar 10, 2023
json-logic-js Command Injection vulnerability
Critical
CVE-2021-4329
was published
for
json-logic-js
(npm)
Mar 5, 2023
ProTip!
Advisories are also available from the
GraphQL API