GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Zoraxy has an authenticated command injection in the Web SSH feature
High
CVE-2024-52010
was published
for
github.com/tobychui/zoraxy
(Go)
Nov 12, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Nuclei Template Signature Verification Bypass
Moderate
CVE-2024-43405
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Sep 4, 2024
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Nuclei allows unsigned code template execution through workflows
High
CVE-2024-27920
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Mar 15, 2024
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
High
CVE-2024-41956
was published
for
github.com/charmbracelet/soft-serve
(Go)
Aug 2, 2024
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
projectdiscovery/nuclei allows unsigned code template execution through workflows
High
CVE-2024-40641
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Jul 17, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Critical
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
docconv OS Command Injection vulnerability
Critical
CVE-2022-4643
was published
for
code.sajari.com/docconv
(Go)
Dec 22, 2022
tiagorlampert CHAOS vulnerable to command injections
High
CVE-2024-30850
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Arbitrary Code Execution in Gitea
High
CVE-2020-14144
was published
for
code.gitea.io/gitea
(Go)
Apr 22, 2024
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Moderate
CVE-2023-51699
was published
for
github.com/fluid-cloudnative/fluid
(Go)
Mar 15, 2024
Brook's tproxy server is vulnerable to a drive-by command injection.
Critical
CVE-2023-33965
was published
for
github.com/txthinking/brook
(Go)
Jun 6, 2023
1Panel command injection vulnerability in Firewall ip functionality
High
CVE-2023-37477
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2023
Kubernetes Arbitrary Command Injection
Moderate
CVE-2018-1002101
was published
for
k8s.io/kubernetes
(Go)
Feb 15, 2022
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Disputed: OS Command injection in github.com/kardianos/service
High
CVE-2022-29583
was published
for
github.com/kardianos/service
(Go)
Apr 23, 2022
•
withdrawn
Gogs OS Command Injection vulnerability
Critical
CVE-2022-2024
was published
for
gogs.io/gogs
(Go)
Feb 28, 2023
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Code injection in Stripe CLI on windows
High
CVE-2022-24753
was published
for
github.com/stripe/stripe-cli
(Go)
Mar 10, 2022
ProTip!
Advisories are also available from the
GraphQL API