Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
Code injection in `saved_model_cli` High
CVE-2021-41228 was published for tensorflow (pip) Nov 10, 2021
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
Pillow command injection High
CVE-2014-3007 was published for pillow (pip) May 17, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
Code injection in nbgitpuller High
CVE-2021-39160 was published for nbgitpuller (pip) Aug 30, 2021
mlflow vulnerable to OS Command Injection High
CVE-2023-4033 was published for mlflow (pip) Aug 1, 2023
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
ansys-geometry-core OS Command Injection vulnerability High
CVE-2024-29189 was published for ansys-geometry-core (pip) Mar 25, 2024
RobPasMue
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581) High
CVE-2024-22423 was published for yt-dlp (pip) Apr 10, 2024
Ry0taK Grub4K
pukkandan
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
Apache Superset OS Command Injection High
CVE-2020-13948 was published for apache-superset (pip) May 24, 2022
OS Command Injection in bikeshed High
CVE-2021-23422 was published for bikeshed (pip) Aug 30, 2021
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
OS Command Injection in ansible High
CVE-2020-1734 was published for ansible (pip) Feb 9, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs High
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
OS Command injection in Apache Airflow High
CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022
OS Command Injection in cookiecutter High
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
ProTip! Advisories are also available from the GraphQL API