Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Loading
An argument injection vulnerability in the browser-based authentication component of the... High Unreviewed
CVE-2022-30239 was published May 10, 2022
An argument injection vulnerability in the browser-based authentication component of the... High Unreviewed
CVE-2022-29971 was published May 10, 2022
An argument injection vulnerability in the browser-based authentication component of the... High Unreviewed
CVE-2022-29972 was published May 10, 2022
Argument Injection in Apache Geode server Moderate
CVE-2017-15694 was published for org.apache.geode:geode-core (Maven) Jun 26, 2019
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other... High Unreviewed
CVE-2018-19518 was published May 13, 2022
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by... Critical Unreviewed
CVE-2019-3463 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2019-1613 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-1610 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-1606 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-1607 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-1608 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an... High Unreviewed
CVE-2019-1611 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-1609 was published May 13, 2022
Null characters not escaped High
CVE-2021-21384 was published for shescape (npm) Mar 18, 2021
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could... High Unreviewed
CVE-2018-0345 was published May 13, 2022
Command injection in nodemailer Critical
CVE-2020-7769 was published for nodemailer (npm) May 10, 2021
There was an argument injection vulnerability in Sourcetree for Windows via filenames in... High Unreviewed
CVE-2018-13386 was published May 13, 2022
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program... Critical Unreviewed
CVE-2018-10992 was published May 13, 2022
Header injection possible in Django Moderate
CVE-2021-32052 was published for Django (pip) Jun 9, 2021
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x... Critical Unreviewed
CVE-2018-17456 was published May 13, 2022
Arbitrary command execution on Windows via qutebrowserurl: URL handler High
CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021
mIRC before 7.55 allows remote command execution by using argument injection through custom URI... High Unreviewed
CVE-2019-6453 was published May 13, 2022
A tampering vulnerability exists when Microsoft browsers do not properly validate input under... Moderate Unreviewed
CVE-2019-0764 was published May 13, 2022
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2... High Unreviewed
CVE-2018-20234 was published May 13, 2022
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial... Critical Unreviewed
CVE-2018-13385 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API