Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

54 advisories

Loading
Command injection in Yamale High
CVE-2021-38305 was published for yamale (pip) Aug 11, 2021
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
mlflow vulnerable to OS Command Injection High
CVE-2023-4033 was published for mlflow (pip) Aug 1, 2023
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q` High
CVE-2023-40581 was published for yt-dlp (pip) Sep 25, 2023
Grub4K
Command injection in PaddlePaddle Critical
CVE-2023-38673 was published for paddlepaddle (pip) Jul 26, 2023
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
PaddlePaddle command injection in paddle.utils.download._wget_download Critical
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
ansys-geometry-core OS Command Injection vulnerability High
CVE-2024-29189 was published for ansys-geometry-core (pip) Mar 25, 2024
RobPasMue
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183 mberges21
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
Apache Superset OS Command Injection High
CVE-2020-13948 was published for apache-superset (pip) May 24, 2022
OS Command Injection in bikeshed High
CVE-2021-23422 was published for bikeshed (pip) Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API