Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,783
Erlang
36
GitHub Actions
29
Go
2,353
Maven
5,000+
npm
3,977
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

162 advisories

Loading
HaxCMS-PHP Command Injection Vulnerability High
CVE-2025-49141 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
userRPR
MantisBT Remote Code Execution High
CVE-2019-15715 was published for mantisbt/mantisbt (Composer) May 24, 2022
LLama-Index CLI OS command injection vulnerability High
CVE-2025-1753 was published for llama-index-cli (pip) May 28, 2025
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution High
CVE-2025-47782 was published for motioneye (pip) May 15, 2025
hyperlyz MichaIng
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query High
CVE-2024-53305 was published for whoogle-search (pip) Apr 16, 2025
Elasticsearch Logstash allows remote attackers to execute arbitrary commands High
CVE-2014-4326 was published for logstash (RubyGems) May 14, 2022
postmodern tdeo
Neo4J vulnerable to Cross-Site Request Forgery High
CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" High
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025
dlqqq rpwagner
krassowski
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
is-http2 vulnerable to Improper Input Validation High
CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
alowayed
Magento Open Source allows OS Command Injection High
CVE-2024-20720 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-38208 was published for magento/community-edition (Composer) Aug 9, 2023
SFTPGo has insufficient sanitization of user provided rsync command High
CVE-2025-24366 was published for github.com/drakkan/sftpgo (Go) Feb 7, 2025
ateamjkr
PaddlePaddle command injection in paddle.utils.download._wget_download High
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
virtualenv allows command injection through activation scripts for a virtual environment High
CVE-2024-53899 was published for virtualenv (pip) Nov 24, 2024
lboynton
Dolibarr vulnerable to remote code execution via uppercase manipulation High
CVE-2023-30253 was published for dolibarr/dolibarr (Composer) May 29, 2023
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database