GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,628
NuGet
638
pip
3,240
Pub
10
RubyGems
858
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
96 advisories
Filter by severity
kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd)...
High
Unreviewed
CVE-2018-11025
was published
May 14, 2022
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was...
High
Unreviewed
CVE-2022-23740
was published
Nov 23, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High
CVE-2022-23915
was published
for
Weblate
(pip)
Mar 4, 2022
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet...
High
Unreviewed
CVE-2022-40677
was published
Feb 16, 2023
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument...
High
Unreviewed
CVE-2023-25356
was published
Apr 4, 2023
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
High
Unreviewed
CVE-2019-1795
was published
May 24, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
High
Unreviewed
CVE-2019-1780
was published
May 24, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
High
Unreviewed
CVE-2019-1779
was published
May 24, 2022
Command injection in cocoapods-downloader
High
CVE-2022-21223
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
Command injection in cocoapods-downloader
High
CVE-2022-24440
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check...
High
Unreviewed
CVE-2020-7808
was published
May 24, 2022
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
RubyGems Escape sequence injection vulnerability in verbose
High
CVE-2019-8321
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the...
High
Unreviewed
CVE-2021-24002
was published
May 24, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Apache Airflow ODBC Provider Argument Injection vulnerability
High
CVE-2023-34395
was published
for
apache-airflow-providers-odbc
(pip)
Jun 27, 2023
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
High
Unreviewed
CVE-2023-46681
was published
Dec 26, 2023
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments....
High
Unreviewed
CVE-2023-47804
was published
Dec 29, 2023
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation...
High
Unreviewed
CVE-2023-20224
was published
Aug 17, 2023
Argument injection in a MimeTypeGuesser in Symfony
High
CVE-2019-18888
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
ProTip!
Advisories are also available from the
GraphQL API