GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
189 advisories
Filter by severity
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection...
Critical
Unreviewed
CVE-2022-45062
was published
Nov 9, 2022
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Apache Hadoop argument injection vulnerability
Critical
CVE-2022-25168
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Aug 5, 2022
Arbitrary code execution in H2 Console
Critical
CVE-2022-23221
was published
for
com.h2database:h2
(Maven)
Jan 21, 2022
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
RubyGems Escape sequence injection vulnerability in verbose
High
CVE-2019-8321
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001003
was published
for
mathjs
(npm)
Dec 18, 2017
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
Froxlor vulnerable to Argument Injection
Moderate
CVE-2022-4864
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the...
High
Unreviewed
CVE-2021-24002
was published
May 24, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Moderate
CVE-2021-43809
was published
for
bundler
(RubyGems)
Dec 8, 2021
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker...
Moderate
Unreviewed
CVE-2022-20930
was published
Oct 1, 2022
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Moderate
CVE-2023-26143
was published
for
blamer
(npm)
Sep 19, 2023
Apache Airflow ODBC Provider Argument Injection vulnerability
High
CVE-2023-34395
was published
for
apache-airflow-providers-odbc
(pip)
Jun 27, 2023
The go command may execute arbitrary code at build time when using cgo. This may occur when...
Critical
Unreviewed
CVE-2023-29405
was published
Jun 8, 2023
Prototype Pollution in mixin-deep
Critical
CVE-2019-10746
was published
for
mixin-deep
(npm)
Aug 27, 2019
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root...
Moderate
Unreviewed
CVE-2022-37705
was published
Apr 16, 2023
An argument injection vulnerability has been identified in the
administrative web interface of...
Critical
Unreviewed
CVE-2023-6269
was published
Dec 5, 2023
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software...
Moderate
Unreviewed
CVE-2023-6792
was published
Dec 13, 2023
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
High
Unreviewed
CVE-2023-46681
was published
Dec 26, 2023
ProTip!
Advisories are also available from the
GraphQL API