GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,628
NuGet
638
pip
3,240
Pub
10
RubyGems
858
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
96 advisories
Filter by severity
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments....
High
Unreviewed
CVE-2023-47804
was published
Dec 29, 2023
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
High
Unreviewed
CVE-2023-46681
was published
Dec 26, 2023
Apache Airflow ODBC Provider Argument Injection vulnerability
High
CVE-2023-34395
was published
for
apache-airflow-providers-odbc
(pip)
Jun 27, 2023
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the...
High
Unreviewed
CVE-2021-24002
was published
May 24, 2022
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
RubyGems Escape sequence injection vulnerability in verbose
High
CVE-2019-8321
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check...
High
Unreviewed
CVE-2020-7808
was published
May 24, 2022
Command injection in cocoapods-downloader
High
CVE-2022-24440
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
Command injection in cocoapods-downloader
High
CVE-2022-21223
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
High
Unreviewed
CVE-2019-1779
was published
May 24, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
High
Unreviewed
CVE-2019-1780
was published
May 24, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
High
Unreviewed
CVE-2019-1795
was published
May 24, 2022
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument...
High
Unreviewed
CVE-2023-25356
was published
Apr 4, 2023
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet...
High
Unreviewed
CVE-2022-40677
was published
Feb 16, 2023
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High
CVE-2022-23915
was published
for
Weblate
(pip)
Mar 4, 2022
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was...
High
Unreviewed
CVE-2022-23740
was published
Nov 23, 2022
kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd)...
High
Unreviewed
CVE-2018-11025
was published
May 14, 2022
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd...
High
Unreviewed
CVE-2018-11023
was published
May 14, 2022
kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD...
High
Unreviewed
CVE-2018-11021
was published
May 14, 2022
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd)...
High
Unreviewed
CVE-2018-11019
was published
May 14, 2022
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd)...
High
Unreviewed
CVE-2018-11022
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API