GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
98 advisories
An argument injection vulnerability in the browser-based authentication component of the...
High | Unreviewed | CVE-2022-30240 was published May 10, 2022

An argument injection vulnerability in the browser-based authentication component of the...
High | Unreviewed | CVE-2022-29972 was published May 10, 2022

An argument injection vulnerability in the browser-based authentication component of the...
High | Unreviewed | CVE-2022-30239 was published May 10, 2022

An argument injection vulnerability in the browser-based authentication component of the...
High | Unreviewed | CVE-2022-29971 was published May 10, 2022

Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or...
High | Unreviewed | CVE-2006-3015 was published May 1, 2022

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary...
High | Unreviewed | CVE-2006-1865 was published May 1, 2022

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0,...
High | Unreviewed | CVE-2001-0667 was published Apr 30, 2022

Some implementations of rlogin allow root access if given a -froot parameter.
High | Unreviewed | CVE-1999-0113 was published Apr 30, 2022

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier...
High | Unreviewed | CVE-2004-0489 was published Apr 29, 2022

Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to...
High | Unreviewed | CVE-2004-0480 was published Apr 29, 2022

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters...
High | Unreviewed | CVE-2004-0411 was published Apr 29, 2022

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter...
High | Unreviewed | CVE-2004-0121 was published Apr 29, 2022

Missing input validation can lead to command execution in composer
High | CVE-2022-24828 was published for composer/composer (Composer) Apr 22, 2022

Command injection in cocoapods-downloader
High | CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022

Command injection in cocoapods-downloader
High | CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High | CVE-2022-23915 was published for Weblate (pip) Mar 4, 2022

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized...
High | Unreviewed | CVE-2021-42561 was published Jan 13, 2022

Arbitrary command execution on Windows via qutebrowserurl: URL handler
High | CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High | CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021

Argument injection in a MimeTypeGuesser in Symfony
High | CVE-2019-18888 was published for symfony/http-foundation (Composer) Dec 2, 2019

RubyGems Escape sequence injection vulnerability in verbose
High | CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019