Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards Critical
GHSA-5wp8-q9mx-8jx8 was published for zeptoclaw (Rust) Mar 5, 2026
zpbrent Credited to zpbrent
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass High
CVE-2026-22864 was published for deno (Rust) Jan 16, 2026
SharokhAtaie Credited to SharokhAtaie and B14CK-SPID3R B14CK-SPID3R B14CK-SPID3R
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator Moderate
GHSA-xrv8-2pf5-f3q7 was published for nitro-tpm-pcr-compute (Rust) Dec 5, 2025
agraf Credited to agraf and mariusknaust mariusknaust mariusknaust
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt Credited to kxxt
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th Credited to R4356th
SurrealDB server-takeover via SurrealQL injection on backup import Critical
GHSA-ccj3-5p93-8p42 was published for surrealdb (Rust) Apr 11, 2025
cure53 Credited to cure53
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands High
CVE-2024-41815 was published for starship (Rust) Jul 26, 2024
evanbattaglia Credited to evanbattaglia
gix-transport indirect code execution via malicious username Moderate
CVE-2024-32884 was published for gitoxide (Rust) Apr 15, 2024
EliahKagan Credited to EliahKagan
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
Data races in bunch High
CVE-2020-36450 was published for bunch (Rust) Aug 25, 2021
Data race in syncpool High
CVE-2020-36462 was published for syncpool (Rust) Aug 25, 2021
Data races in lexer High
CVE-2020-36458 was published for lexer (Rust) Aug 25, 2021
Data races in multiqueue High
CVE-2020-36463 was published for multiqueue (Rust) Aug 25, 2021
Data races in dces High
CVE-2020-36459 was published for dces (Rust) Aug 25, 2021
Data races in toolshed High
CVE-2020-36456 was published for toolshed (Rust) Aug 25, 2021
Data races in slock High
CVE-2020-36455 was published for slock (Rust) Aug 25, 2021
J3rry-1729 Credited to J3rry-1729
Data races in lever High
CVE-2020-36457 was published for lever (Rust) Aug 25, 2021
tdunlap607 Credited to tdunlap607
Data races in rcu_cell High
CVE-2020-36451 was published for rcu_cell (Rust) Aug 25, 2021
Data races in cache High
CVE-2020-36448 was published for cache (Rust) Aug 25, 2021
Command injection in kekbit High
CVE-2020-36449 was published for kekbit (Rust) Aug 25, 2021
Data race in v9 High
CVE-2020-36447 was published for v9 (Rust) Aug 25, 2021
J3rry-1729 Credited to J3rry-1729
Argument injection in lettre Moderate
CVE-2020-28247 was published for lettre (Rust) Aug 25, 2021
vin01 Credited to vin01
Data races in noise_search Moderate
CVE-2020-36461 was published for noise_search (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database