GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

47 advisories

Codecov does not sanitize gcov arguments
Severity: Moderate
CVE-2019-10800 was published for codecov (pip) on Jul 14, 2022

Gogs allows argument injection during the tagging of a new release
Severity: High
CVE-2024-39933 was published for github.com/gogs/gogs (Go) on Jul 4, 2024

Argument Injection in Ansible
Severity: Low
CVE-2020-1738 was published for ansible (pip) on Feb 9, 2022

github.com/gogs/gogs affected by CVE-2024-39930
Severity: Critical
CVE-2024-39930 was published for github.com/gogs/gogs (Go) on Jul 4, 2024

gix-transport code execution vulnerability
Severity: Moderate
GHSA-rrjw-j4m2-mf34 was published for gix-transport (Rust) on Sep 25, 2023
EliahKagan

Command Injection Vulnerability with Mercurial in VCS
Severity: Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) on Apr 1, 2022
dellalibera

HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Severity: Critical
CVE-2024-3817 was published for github.com/hashicorp/go-getter (Go) on Apr 17, 2024

gix-transport indirect code execution via malicious username
Severity: Moderate
CVE-2024-32884 was published for gitoxide (Rust) on Apr 15, 2024
EliahKagan

Dolibarr authenticated Remote Code Execution
Severity: High
CVE-2020-35136 was published for dolibarr/dolibarr (Composer) on May 24, 2022

Argument injection in python-libnmap
Severity: Critical
CVE-2022-30284 was published for python-libnmap (pip) on May 6, 2022
jefimm

Argument injection in a MimeTypeGuesser in Symfony
Severity: High
CVE-2019-18888 was published for symfony/http-foundation (Composer) on Dec 2, 2019

Code execution in Embedchain
Severity: Critical
CVE-2024-23731 was published for embedchain (pip) on Jan 21, 2024

Missing input validation can lead to command execution in composer
Severity: High
CVE-2022-24828 was published for composer/composer (Composer) on Apr 22, 2022
thomas-chauchefoin-sonarsource

Prototype Pollution in mixin-deep
Severity: Critical
CVE-2019-10746 was published for mixin-deep (npm) on Aug 27, 2019

Apache Airflow ODBC Provider Argument Injection vulnerability
Severity: High
CVE-2023-34395 was published for apache-airflow-providers-odbc (pip) on Jun 27, 2023

blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Severity: Moderate
CVE-2023-26143 was published for blamer (npm) on Sep 19, 2023

Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Severity: Moderate
CVE-2021-43809 was published for bundler (RubyGems) on Dec 8, 2021
paul-gerste-sonarsource

Poetry Argument Injection can lead to Local Code Execution
Severity: High
CVE-2022-36069 was published for poetry (pip) on Sep 16, 2022
paul-gerste-sonarsource neersighted

Froxlor vulnerable to Argument Injection
Severity: Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) on Dec 31, 2022

Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
Severity: High
GHSA-jwpw-q68h-r678 was published for dio (Pub) on May 24, 2022 (withdrawn)
AlexV525

Arbitrary Code Execution in mathjs
Severity: Critical
CVE-2017-1001003 was published for mathjs (npm) on Dec 18, 2017

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Severity: Critical
CVE-2021-21386 was published for APKLeaks (pip) on Jan 21, 2022
Ry0taK

Command injection in git-clone
Severity: High
CVE-2022-25900 was published for git-clone (npm) on Jul 2, 2022
lirantal

RubyGems Escape sequence injection vulnerability in verbose
Severity: High
CVE-2019-8321 was published for rubygems-update (RubyGems) on Jun 20, 2019