GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
73 advisories
OS Command Injection in Apache Airflow
High
CVE-2022-41131
was published
for
apache-airflow-providers-apache-hive
(pip)
Nov 22, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
High
CVE-2023-40581
was published
for
yt-dlp
(pip)
Sep 25, 2023
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
ansys-geometry-core OS Command Injection vulnerability
High
CVE-2024-29189
was published
for
ansys-geometry-core
(pip)
Mar 25, 2024
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
High
CVE-2024-22423
was published
for
yt-dlp
(pip)
Apr 10, 2024
sagemaker-python-sdk Command Injection vulnerability
High
CVE-2024-34073
was published
for
sagemaker
(pip)
May 3, 2024
Remote Code Execution due to Full Controled File Write in mlflow
Critical
CVE-2023-6018
was published
for
mlflow
(pip)
Nov 16, 2023
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
Command injection via Celery broker in Apache Airflow
Critical
CVE-2020-11981
was published
for
apache-airflow
(pip)
Jul 27, 2020
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API