GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
189 advisories
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the...
    High | Unreviewed | CVE-2021-24002 | published May 24, 2022

Froxlor vulnerable to Argument Injection
    Moderate | CVE-2022-4864 | froxlor/froxlor (Composer) | published Dec 31, 2022

Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
    High | GHSA-jwpw-q68h-r678 | dio (Pub) | published May 24, 2022 | withdrawn

Arbitrary Code Execution in mathjs
    Critical | CVE-2017-1001003 | mathjs (npm) | published Dec 18, 2017

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
    Critical | CVE-2021-21386 | APKLeaks (pip) | published Jan 21, 2022

RubyGems Escape sequence injection vulnerability in verbose
    High | CVE-2019-8321 | rubygems-update (RubyGems) | published Jun 20, 2019

Dragonfly contains remote code execution vulnerability
    Critical | CVE-2021-33564 | dragonfly (RubyGems) | published Jun 2, 2021

Arbitrary code execution in H2 Console
    Critical | CVE-2022-23221 | com.h2database:h2 (Maven) | published Jan 21, 2022

Apache Hadoop argument injection vulnerability
    Critical | CVE-2022-25168 | org.apache.hadoop:hadoop-common (Maven) | published Aug 5, 2022

Command injection in Git package in Wrangler
    High | CVE-2022-31249 | github.com/rancher/wrangler (Go) | published Jan 25, 2023

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection...
    Critical | Unreviewed | CVE-2022-45062 | published Nov 9, 2022

In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check...
    High | Unreviewed | CVE-2020-7808 | published May 24, 2022

Command injection in cocoapods-downloader
    High | CVE-2022-24440 | cocoapods-downloader (RubyGems) | published Apr 2, 2022

Command injection in cocoapods-downloader
    High | CVE-2022-21223 | cocoapods-downloader (RubyGems) | published Apr 2, 2022

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
    High | Unreviewed | CVE-2019-1779 | published May 24, 2022

Remote command injection when using sendmail email transport
    Moderate | GHSA-wfrj-qqc2-83cm | ghost (npm) | published Sep 20, 2021

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
    High | Unreviewed | CVE-2019-1780 | published May 24, 2022

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an...
    High | Unreviewed | CVE-2019-1795 | published May 24, 2022

Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
    Critical | Unreviewed | CVE-2020-28367 | published May 24, 2022

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument...
    High | Unreviewed | CVE-2023-25356 | published Apr 4, 2023

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS...
    Moderate | Unreviewed | CVE-2022-3140 | published Oct 12, 2022

An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet...
    High | Unreviewed | CVE-2022-40677 | published Feb 16, 2023