GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
35 advisories
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Interactive `run` permission prompt spoofing via improper ANSI neutralization
High
CVE-2023-28446
was published
for
deno
(Rust)
Mar 24, 2023
kubectl ANSI escape characters not filtered
Low
CVE-2021-25743
was published
for
k8s.io/kubernetes
(Go)
Jan 8, 2022
Possible shell escape sequence injection vulnerability in Rack
Critical
CVE-2022-30123
was published
for
rack
(RubyGems)
May 27, 2022
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
High
CVE-2024-27936
was published
for
deno
(Rust)
Mar 5, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
jte's HTML templates containing Javascript template strings are subject to XSS
Moderate
CVE-2025-23026
was published
for
gg.jte:jte
(Maven)
Jan 13, 2025
gitoxide-core does not neutralize special characters for terminals
Low
CVE-2024-43785
was published
for
gitoxide
(Rust)
Aug 22, 2024
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Critical
GHSA-c2p2-hgjg-9r3f
was published
for
islandora/crayfish
(Composer)
Feb 12, 2025
Crayfish allows Remote Code Execution via Homarus Authorization header
Critical
CVE-2025-25286
was published
for
islandora/crayfish
(Composer)
Jan 15, 2025
gurk (aka gurk-rs) mishandles ANSI escape sequences
Moderate
CVE-2025-30089
was published
for
gurk
(Rust)
Mar 17, 2025
ProTip!
Advisories are also available from the
GraphQL API