Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,212
NuGet
744
pip
3,988
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
Credited to Churro
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py... Low Unreviewed
CVE-2021-32556 was published May 24, 2022
IPython vulnerable to command injection via set_term_title Low
CVE-2023-24816 was published for ipython (pip) Feb 10, 2023
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the... Low Unreviewed
CVE-2024-8869 was published Sep 16, 2024
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` Low
CVE-2024-52587 was published for step-security/harden-runner (GitHub Actions) Nov 18, 2024
woodruffw
Credited to woodruffw
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Low Unreviewed
CVE-2024-12970 was published Jan 6, 2025
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0... Low Unreviewed
CVE-2025-27398 was published Mar 11, 2025
AWorld OS Command Injection vulnerability Low
CVE-2025-4032 was published for aworld (pip) Apr 28, 2025
Ackites KillWxapkg vulnerable to OS Command Injection Low
CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
A command injection vulnerability has been reported to affect QHora. If an attacker gains local... Low Unreviewed
CVE-2024-13087 was published Jun 6, 2025
wong2 mcp-cli Command Injection Vulnerability Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database