Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation High
CVE-2024-6257 was published for github.com/hashicorp/go-getter (Go) Jun 25, 2024
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
Withdrawn: Runc allows an arbitrary systemd property to be injected High
GHSA-c5pj-mqfh-rvc3 was published for github.com/opencontainers/runc (Go) Apr 26, 2024 withdrawn
AkihiroSuda
Vanna prompt injection code execution High
CVE-2024-5565 was published for vanna (pip) May 31, 2024
Azure Identity SDK Remote Code Execution Vulnerability High
CVE-2023-36414 was published for Azure.Identity (NuGet) Oct 10, 2023
scottaddie
.NET Remote Code Execution Vulnerability High
CVE-2023-35390 was published for Microsoft.NET.Build.Containers (NuGet) Aug 9, 2023
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
CVE-2024-34347 was published for @hoppscotch/cli (npm) Apr 22, 2024
oskar-zeinomahmalat-sonarsource mufeedvh
CRI-O vulnerable to an arbitrary systemd property injection High
CVE-2024-3154 was published for github.com/cri-o/cri-o (Go) Apr 30, 2024
AkihiroSuda cclerget
Tryton vulnerable to arbitrary command execution High
CVE-2014-6633 was published for tryton (pip) May 14, 2022
Dolibarr authenticated Remote Code Execution High
CVE-2020-35136 was published for dolibarr/dolibarr (Composer) May 24, 2022
phpMyAdmin PHP code injection High
CVE-2016-6609 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Drupal Core Arbitrary PHP code execution vulnerability High
CVE-2020-13664 was published for drupal/core (Composer) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Gradio's CI vulnerable to Command Injection High
CVE-2024-1540 was published for gradio (pip) Mar 27, 2024 withdrawn
github-slug-action vulnerable to arbitrary code execution High
CVE-2023-27581 was published for rlespinasse/github-slug-action (GitHub Actions) Mar 13, 2023
R3x rlespinasse
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
Remote code execution in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
RCE in TranformGraph().to_dot_graph function High
CVE-2023-41334 was published for astropy (pip) Mar 18, 2024
u32i
furlongm openvpn-monitor command injection High
CVE-2021-31605 was published for openvpn-monitor (pip) May 24, 2022
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
network Arbitrary Command Injection vulnerability High
CVE-2024-21488 was published for network (npm) Jan 30, 2024
ProTip! Advisories are also available from the GraphQL API