GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352
was published
for
github.com/1Panel-dev/1Panel
(Go)
May 9, 2024
dcnnt-py is vulnerable to command injection via Notification Handler
Moderate
CVE-2023-1000
was published
for
dcnnt
(pip)
Apr 27, 2024
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
1Panel is vulnerable to command injection
Moderate
CVE-2024-2352
was published
for
github.com/1Panel-dev/1Panel
(Go)
Mar 10, 2024
Command Injection in pip when used with Mercurial
Moderate
CVE-2023-5752
was published
for
pip
(pip)
Oct 25, 2023
ScanCode.io command injection in docker image fetch process
Moderate
CVE-2023-39523
was published
for
scancodeio
(pip)
Aug 9, 2023
Concrete CMS Cross-site Scripting vulnerability
Moderate
CVE-2022-43695
was published
for
concrete5/concrete5
(Composer)
Jul 6, 2023
1Panel vulnerable to command injection when entering the container terminal
Moderate
CVE-2023-36458
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
Microweber vulnerable to command injection
Moderate
CVE-2023-1877
was published
for
microweber/microweber
(Composer)
Apr 5, 2023
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
sharp vulnerable to Command Injection in post-installation over build environment
Moderate
CVE-2022-29256
was published
for
sharp
(npm)
Jun 1, 2022
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
Command Injection in Apache Kylin
Moderate
CVE-2021-45456
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Data races in noise_search
Moderate
CVE-2020-36461
was published
for
noise_search
(Rust)
Aug 25, 2021
Script injection
Moderate
CVE-2021-32660
was published
for
@backstage/techdocs-common
(npm)
Jun 4, 2021
Script injection
Moderate
CVE-2021-32661
was published
for
@backstage/plugin-techdocs
(npm)
Jun 4, 2021
Arbitrary command execution in roar-pidusage
Moderate
CVE-2021-23380
was published
for
roar-pidusage
(npm)
May 6, 2021
Arbitrary code execution in kill-by-port
Moderate
CVE-2021-23363
was published
for
kill-by-port
(npm)
Apr 13, 2021
Arbitrary Command Injection in portprocesses
Moderate
CVE-2021-23348
was published
for
portprocesses
(npm)
Apr 6, 2021
Command Injection in wxchangba
Moderate
GHSA-j6v9-xgvh-f796
was published
for
wxchangba
(npm)
Sep 11, 2020
ProTip!
Advisories are also available from the
GraphQL API