Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

27 advisories

Loading
The product allows user input to control or influence paths or file names that are used in... Critical Unreviewed
CVE-2024-3980 was published Aug 27, 2024
An argument injection vulnerability has been identified in the administrative web interface of... Critical Unreviewed
CVE-2023-6269 was published Dec 5, 2023
There is a command injection problem in the old version of the mobile phone backup app. Critical Unreviewed
CVE-2023-26310 was published Aug 9, 2023
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message... Critical Unreviewed
CVE-2023-33378 was published Aug 4, 2023
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command... Critical Unreviewed
CVE-2023-33376 was published Aug 4, 2023
The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed
CVE-2023-29405 was published Jun 8, 2023
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php Critical Unreviewed
CVE-2022-47926 was published Dec 22, 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection... Critical Unreviewed
CVE-2022-45062 was published Nov 9, 2022
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used... Critical Unreviewed
CVE-2022-1399 was published Aug 18, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... Critical Unreviewed
CVE-2020-5648 was published May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an... Critical Unreviewed
CVE-2021-31698 was published May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was... Critical Unreviewed
CVE-2021-31909 was published May 24, 2022
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default... Critical Unreviewed
CVE-2020-28026 was published May 24, 2022
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote... Critical Unreviewed
CVE-2021-24030 was published May 24, 2022
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote... Critical Unreviewed
CVE-2020-21224 was published May 24, 2022
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service ... Critical Unreviewed
CVE-2021-26937 was published May 24, 2022
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via... Critical Unreviewed
CVE-2020-25494 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Critical Unreviewed
CVE-2020-28367 was published May 24, 2022
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument... Critical Unreviewed
CVE-2019-12147 was published May 24, 2022
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an... Critical Unreviewed
CVE-2019-12148 was published May 24, 2022
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to... Critical Unreviewed
CVE-2017-14591 was published May 17, 2022
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial... Critical Unreviewed
CVE-2018-13385 was published May 13, 2022
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x... Critical Unreviewed
CVE-2018-17456 was published May 13, 2022
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program... Critical Unreviewed
CVE-2018-10992 was published May 13, 2022
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by... Critical Unreviewed
CVE-2019-3463 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API