Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19 advisories

Loading
Control character injection in console output in github.com/ipfs/go-ipfs Moderate
CVE-2020-26283 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
kubectl ANSI escape characters not filtered Low
CVE-2021-25743 was published for k8s.io/kubernetes (Go) Jan 8, 2022
dgl
RubyGems Code Injection vulnerability Critical
CVE-2017-0899 was published for rubygems-update (RubyGems) May 13, 2022
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
XWiki Platform may allow privilege escalation to programming rights via user's first name Critical
CVE-2023-26055 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Mar 3, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
LeoDog896
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Shescape on Windows escaping may be bypassed in threaded context High
CVE-2023-40185 was published for shescape (npm) Aug 22, 2023
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
Jinja has a sandbox breakout through malicious filenames Moderate
CVE-2024-56201 was published for jinja2 (pip) Dec 23, 2024
sleiner sisp
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
ProTip! Advisories are also available from the GraphQL API