GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High
CVE-2024-52308
was published
for
github.com/cli/cli
(Go)
Nov 14, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical
CVE-2024-9264
was published
for
github.com/grafana/grafana
(Go)
Oct 18, 2024
CasaOS Command Injection vulnerability
Critical
CVE-2023-37469
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Aug 5, 2024
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
High
CVE-2024-6257
was published
for
github.com/hashicorp/go-getter
(Go)
Jun 25, 2024
sshproxy vulnerable to SSH option injection
Low
CVE-2024-34713
was published
for
github.com/cea-hpc/sshproxy
(Go)
May 14, 2024
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352
was published
for
github.com/1Panel-dev/1Panel
(Go)
May 9, 2024
CRI-O vulnerable to an arbitrary systemd property injection
High
CVE-2024-3154
was published
for
github.com/cri-o/cri-o
(Go)
Apr 30, 2024
Withdrawn: Runc allows an arbitrary systemd property to be injected
High
GHSA-c5pj-mqfh-rvc3
was published
for
github.com/opencontainers/runc
(Go)
Apr 26, 2024
•
withdrawn
1Panel is vulnerable to command injection
Moderate
CVE-2024-2352
was published
for
github.com/1Panel-dev/1Panel
(Go)
Mar 10, 2024
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
High
CVE-2024-22198
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
High
CVE-2024-22197
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
1Panel vulnerable to command injection when entering the container terminal
Moderate
CVE-2023-36458
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
Snowflake Golang Driver vulnerable to Command Injection
High
CVE-2023-34231
was published
for
github.com/snowflakedb/gosnowflake
(Go)
Jun 9, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Improper token validation leading to code execution in Teleport
High
CVE-2022-36633
was published
for
github.com/gravitational/teleport
(Go)
Aug 25, 2022
HashiCorp go-getter command injection
Critical
CVE-2022-26945
was published
for
github.com/hashicorp/go-getter
(Go)
May 26, 2022
Apache Thrift Go Library Command Injection
High
CVE-2016-5397
was published
for
github.com/apache/thrift
(Go)
May 13, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
ProTip!
Advisories are also available from the
GraphQL API