Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

160 advisories

Loading
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
LibreNMS has an Authenticated OS Command Injection Critical
CVE-2024-51092 was published for librenms/librenms (Composer) Nov 15, 2024
mallo-m
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
n00b-bot
Command Injection in Pygments Critical
CVE-2015-8557 was published for Pygments (pip) May 17, 2022
tdunlap607
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
mattberry3
OS Command Injection in Plexus-utils Critical
CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022
Pillow command injection Critical
CVE-2014-3007 was published for pillow (pip) May 17, 2022
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
Langchain OS Command Injection vulnerability Critical
CVE-2023-34540 was published for langchain (pip) Jun 14, 2023
Mercurial is vulnerable to shell injection attack Critical
CVE-2017-1000116 was published for mercurial (pip) May 13, 2022
Chaosblade vulnerable to OS command execution Critical
CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) Sep 18, 2024
Mercurial vulnerable to arbitrary code injection Critical
CVE-2017-17458 was published for mercurial (pip) May 13, 2022
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
Gerapy may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
AutoGPT bypass of the shell commands denylist settings Critical
CVE-2024-6091 was published for agpt (pip) Sep 11, 2024
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183 mberges21
rejetto HFS vulnerable to OS Command Execution by remote authenticated users Critical
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
LocalAI Command Injection in audioToWav Critical
CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) Apr 10, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution Critical
CVE-2024-33434 was published for github.com/tiagorlampert/CHAOS (Go) May 7, 2024
Withdrawn Advisory: OS Command Injection in effect Critical
CVE-2020-7624 was published for effect (npm) Feb 10, 2022 withdrawn
Fidget-Grep
docconv OS Command Injection vulnerability Critical
CVE-2022-4643 was published for code.sajari.com/docconv (Go) Dec 22, 2022
XXL-JOB contains a Command execution vulnerability in background tasks Critical
CVE-2022-40929 was published for com.xuxueli:xxl-job-core (Maven) Sep 29, 2022
ProTip! Advisories are also available from the GraphQL API