GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
201 advisories
Apache Hadoop argument injection vulnerability
Critical • CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) • Aug 5, 2022
Arbitrary code execution in H2 Console
Critical • CVE-2022-23221 was published for com.h2database:h2 (Maven) • Jan 21, 2022
Dragonfly contains remote code execution vulnerability
Critical • CVE-2021-33564 was published for dragonfly (RubyGems) • Jun 2, 2021
RubyGems Escape sequence injection vulnerability in verbose
High • CVE-2019-8321 was published for rubygems-update (RubyGems) • Jun 20, 2019
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical • CVE-2021-21386 was published for APKLeaks (pip) • Jan 21, 2022
Arbitrary Code Execution in mathjs
Critical • CVE-2017-1001003 was published for mathjs (npm) • Dec 18, 2017
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High • GHSA-jwpw-q68h-r678 was published for dio (Pub) • May 24, 2022 • withdrawn
Froxlor vulnerable to Argument Injection
Moderate • CVE-2022-4864 was published for froxlor/froxlor (Composer) • Dec 31, 2022
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the...
High • Unreviewed • CVE-2021-24002 was published • May 24, 2022
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Moderate • CVE-2021-43809 was published for bundler (RubyGems) • Dec 8, 2021
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker...
Moderate • Unreviewed • CVE-2022-20930 was published • Oct 1, 2022
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Moderate • CVE-2023-26143 was published for blamer (npm) • Sep 19, 2023
Apache Airflow ODBC Provider Argument Injection vulnerability
High • CVE-2023-34395 was published for apache-airflow-providers-odbc (pip) • Jun 27, 2023
Prototype Pollution in mixin-deep
Critical • CVE-2019-10746 was published for mixin-deep (npm) • Aug 27, 2019
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root...
Moderate • Unreviewed • CVE-2022-37705 was published • Apr 16, 2023
An argument injection vulnerability has been identified in the administrative web interface of...
Critical • Unreviewed • CVE-2023-6269 was published • Dec 5, 2023
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software...
Moderate • Unreviewed • CVE-2023-6792 was published • Dec 13, 2023
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
High • Unreviewed • CVE-2023-46681 was published • Dec 26, 2023
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments....
High • Unreviewed • CVE-2023-47804 was published • Dec 29, 2023
Missing input validation can lead to command execution in composer
High • CVE-2022-24828 was published for composer/composer (Composer) • Apr 22, 2022
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High • CVE-2021-29472 was published for composer/composer (Composer) • Apr 29, 2021
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation...
High • Unreviewed • CVE-2023-20224 was published • Aug 17, 2023
Code execution in Embedchain
Critical • CVE-2024-23731 was published for embedchain (pip) • Jan 21, 2024
ProTip! Advisories are also available from the GraphQL API.