GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
LLama Factory Remote OS Command Injection Vulnerability
High
CVE-2024-52803
was published
for
llamafactory
(pip)
Nov 21, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
High
CVE-2024-47821
was published
for
pyload-ng
(pip)
Oct 28, 2024
AutoGPT bypass of the shell commands denylist settings
Critical
CVE-2024-6091
was published
for
agpt
(pip)
Sep 11, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
sagemaker-python-sdk Command Injection vulnerability
High
CVE-2024-34073
was published
for
sagemaker
(pip)
May 3, 2024
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
High
CVE-2024-22423
was published
for
yt-dlp
(pip)
Apr 10, 2024
ansys-geometry-core OS Command Injection vulnerability
High
CVE-2024-29189
was published
for
ansys-geometry-core
(pip)
Mar 25, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
CVE-2024-0815
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection in get_online_pass_interval
Critical
CVE-2023-52310
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare
Critical
CVE-2023-52314
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle command injection in _wget_download
Critical
CVE-2023-52311
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Ray OS Command Injection vulnerability
Critical
CVE-2023-6019
was published
for
ray
(pip)
Nov 16, 2023
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
High
CVE-2023-40581
was published
for
yt-dlp
(pip)
Sep 25, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
mlflow vulnerable to OS Command Injection
High
CVE-2023-4033
was published
for
mlflow
(pip)
Aug 1, 2023
Command injection in PaddlePaddle
Critical
CVE-2023-38673
was published
for
paddlepaddle
(pip)
Jul 26, 2023
Langchain OS Command Injection vulnerability
Critical
CVE-2023-34540
was published
for
langchain
(pip)
Jun 14, 2023
IPython vulnerable to command injection via set_term_title
Low
CVE-2023-24816
was published
for
ipython
(pip)
Feb 10, 2023
OS Command Injection in Apache Airflow
Moderate
CVE-2022-40954
was published
for
apache-airflow
(pip)
Nov 22, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
OS Command Injection in Apache Airflow
Critical
CVE-2022-40189
was published
for
apache-airflow
(pip)
Nov 22, 2022
OS Command Injection in Apache Airflow
High
CVE-2022-41131
was published
for
apache-airflow-providers-apache-hive
(pip)
Nov 22, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs
High
CVE-2022-40127
was published
for
apache-airflow
(pip)
Nov 14, 2022
ProTip!
Advisories are also available from the
GraphQL API