GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
57 advisories
Withdrawn Advisory: Dask Vulnerable to Command Injection
Critical
CVE-2024-10096
was published
for
dask
(pip)
Mar 20, 2025
•
withdrawn
XPixelGroup BasicSR Command Injection
Moderate
CVE-2024-27763
was published
for
basicsr
(pip)
Mar 12, 2025
virtualenv allows command injection through activation scripts for a virtual environment
High
CVE-2024-53899
was published
for
virtualenv
(pip)
Nov 24, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Critical
CVE-2024-5023
was published
for
consoleme
(pip)
May 16, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
Command Injection in pip when used with Mercurial
Moderate
CVE-2023-5752
was published
for
pip
(pip)
Oct 25, 2023
ProTip!
Advisories are also available from the
GraphQL API