GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
57 advisories
Salt's on demand pillar functionality vulnerable to arbitrary command injections
Moderate. CVE-2025-22237 was published for salt (pip) Jun 13, 2025

AWorld OS Command Injection vulnerability
Low. CVE-2025-4032 was published for aworld (pip) Apr 28, 2025

Duplicate Advisory: D-Tale Command Injection vulnerability
Critical. CVE-2025-0655 was published for dtale (pip) Mar 20, 2025 • withdrawn

Withdrawn Advisory: Dask Vulnerable to Command Injection
Critical. CVE-2024-10096 was published for dask (pip) Mar 20, 2025 • withdrawn

LiteLLM Vulnerable to Remote Code Execution (RCE)
High. CVE-2024-6825 was published for litellm (pip) Mar 20, 2025

Horovod Vulnerable to Command Injection
Critical. CVE-2024-10190 was published for horovod (pip) Mar 20, 2025

pgAdmin Remote Code Execution (RCE) vulnerability
High. CVE-2024-3116 was published for pgadmin4 (pip) Apr 4, 2024

XPixelGroup BasicSR Command Injection
Moderate. CVE-2024-27763 was published for basicsr (pip) Mar 12, 2025

Apache Spark UI vulnerable to Command Injection
High. CVE-2023-32007 was published for org.apache.spark:spark-parent_2.12 (Maven) May 2, 2023

pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical. CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024

Composio Command Execution vulnerability
Moderate. CVE-2024-53526 was published for composio-claude (pip) Jan 8, 2025

PaddlePaddle command injection vulnerability
High. CVE-2024-0817 was published for paddlepaddle (pip) Mar 7, 2024

virtualenv allows command injection through activation scripts for a virtual environment
High. CVE-2024-53899 was published for virtualenv (pip) Nov 24, 2024

Vanna prompt injection code execution
Critical. CVE-2024-5565 was published for vanna (pip) May 31, 2024

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High. CVE-2022-23915 was published for Weblate (pip) Mar 4, 2022

Tryton vulnerable to arbitrary command execution
High. CVE-2014-6633 was published for tryton (pip) May 14, 2022

PyTorch vulnerable to arbitrary code execution
Critical. CVE-2022-45907 was published for torch (pip) Nov 26, 2022

Snowflake Python Connector vulnerable to Command Injection
High. CVE-2023-34233 was published for snowflake-connector-python (pip) Jun 9, 2023

SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Critical. CVE-2021-3148 was published for salt (pip) May 24, 2022

SaltStack Salt command injection via a crafted process name
High. CVE-2020-28243 was published for salt (pip) May 24, 2022

SaltStack Salt is vulnerable to command injection
Critical. CVE-2019-17361 was published for salt (pip) May 24, 2022

pydash Command Injection vulnerability
Critical. CVE-2023-26145 was published for pydash (pip) Sep 28, 2023
ProTip! Advisories are also available from the GraphQL API