Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,628
NuGet
638
pip
3,240
Pub
10
RubyGems
858
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

96 advisories

Loading
kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd)... High Unreviewed
CVE-2018-11025 was published May 14, 2022
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was... High Unreviewed
CVE-2022-23740 was published Nov 23, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate High
CVE-2022-23915 was published for Weblate (pip) Mar 4, 2022
dellalibera
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet... High Unreviewed
CVE-2022-40677 was published Feb 16, 2023
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument... High Unreviewed
CVE-2023-25356 was published Apr 4, 2023
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an... High Unreviewed
CVE-2019-1795 was published May 24, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an... High Unreviewed
CVE-2019-1780 was published May 24, 2022
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an... High Unreviewed
CVE-2019-1779 was published May 24, 2022
Command injection in cocoapods-downloader High
CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
Command injection in cocoapods-downloader High
CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
tdunlap607
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check... High Unreviewed
CVE-2020-7808 was published May 24, 2022
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in simple-git High
CVE-2022-24066 was published for simple-git (npm) Apr 2, 2022
lirantal rhelinko-telia
RubyGems Escape sequence injection vulnerability in verbose High
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the... High Unreviewed
CVE-2021-24002 was published May 24, 2022
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
paul-gerste-sonarsource neersighted
Apache Airflow ODBC Provider Argument Injection vulnerability High
CVE-2023-34395 was published for apache-airflow-providers-odbc (pip) Jun 27, 2023
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... High Unreviewed
CVE-2023-46681 was published Dec 26, 2023
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.... High Unreviewed
CVE-2023-47804 was published Dec 29, 2023
Missing input validation can lead to command execution in composer High
CVE-2022-24828 was published for composer/composer (Composer) Apr 22, 2022
thomas-chauchefoin-sonarsource
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial High
CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021
thomas-chauchefoin-sonarsource
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation... High Unreviewed
CVE-2023-20224 was published Aug 17, 2023
Argument injection in a MimeTypeGuesser in Symfony High
CVE-2019-18888 was published for symfony/http-foundation (Composer) Dec 2, 2019
ProTip! Advisories are also available from the GraphQL API