Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,209
NuGet
744
pip
3,987
Pub
12
RubyGems
950
Rust
1,035
Swift
45
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
gix-transport code execution vulnerability Moderate
CVE-2023-53158 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
Duplicate Advisory: gix-transport code execution vulnerability Moderate
GHSA-5c5j-jmhx-q2gr was published for gix-transport (Rust) Jul 28, 2025 withdrawn
Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function Moderate
CVE-2025-52994 was published for james-heinrich/phpthumb (Composer) Jul 11, 2025
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
The Backup Plus extension for TYPO3 (ns_backup) allows command injections Moderate
CVE-2025-48204 was published for nitsan/ns-backup (Composer) May 21, 2025
Drupal AI Vulnerable to OS Command Injection Moderate
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types Moderate
CVE-2025-31692 was published for drupal/ai (Composer) Apr 1, 2025
pgAdmin failed to properly control the server code Moderate
CVE-2023-5002 was published for pgadmin4 (pip) Sep 22, 2023
Code injection in `saved_model_cli` Moderate
CVE-2021-41228 was published for tensorflow (pip) Nov 10, 2021
Code Injection in SLO Generator Moderate
CVE-2021-22557 was published for slo-generator (pip) Oct 5, 2021
Nuclei Template Signature Verification Bypass Moderate
CVE-2024-43405 was published for github.com/projectdiscovery/nuclei/v3 (Go) Sep 4, 2024
GuyGoldenberg
ggit is vulnerable to Command Injection via the fetchTags(branch) API Moderate
CVE-2024-21532 was published for ggit (npm) Oct 8, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime Moderate
CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) Mar 15, 2024
zhang-x-z
baserCMS OS command injection vulnerability in Installer Moderate
CVE-2023-51450 was published for baserproject/basercms (Composer) Feb 22, 2024
Reflected XSS in SilverStripe Moderate
CVE-2019-19325 was published for silverstripe/framework (Composer) Feb 24, 2020
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
Cocaine Gem OS Command Injection vulnerability Moderate
CVE-2013-4457 was published for cocaine (RubyGems) Oct 24, 2017
Kubernetes Arbitrary Command Injection Moderate
CVE-2018-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
OS Command Injection in Rake Moderate
CVE-2020-8130 was published for rake (RubyGems) Feb 28, 2020
Snyk plugins vulnerable to Command Injection Moderate
CVE-2022-22984 was published for @snyk/snyk-cocoapods-plugin (npm) Nov 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database