Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

179 advisories

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root... Moderate Unreviewed
CVE-2022-37705 was published Apr 16, 2023
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument... High Unreviewed
CVE-2023-25356 was published Apr 4, 2023
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet... High Unreviewed
CVE-2022-40677 was published Feb 16, 2023
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php Critical Unreviewed
CVE-2022-47926 was published Dec 22, 2022
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions), SIMATIC WinCC OA V3... Moderate Unreviewed
CVE-2022-44731 was published Dec 13, 2022
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was... High Unreviewed
CVE-2022-23740 was published Nov 23, 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection... Critical Unreviewed
CVE-2022-45062 was published Nov 9, 2022
Gitea vulnerable to Argument Injection Critical
CVE-2022-42968 was published for github.com/go-gitea/gitea (Go) Oct 16, 2022
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS... Moderate Unreviewed
CVE-2022-3140 was published Oct 12, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2022-20930 was published Oct 1, 2022
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
paul-gerste-sonarsource neersighted
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used... Critical Unreviewed
CVE-2022-1399 was published Aug 18, 2022
mc-kill-port vulnerable to Arbitrary Command Execution via kill function High
CVE-2022-25973 was published for mc-kill-port (npm) Aug 11, 2022
The Settings application has an argument injection vulnerability. Successful exploitation of this... High Unreviewed
CVE-2022-37005 was published Aug 11, 2022
Apache Hadoop argument injection vulnerability Critical
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible High Unreviewed
CVE-2022-36322 was published Jul 21, 2022
Codecov prior to 2.0.16 does not sanitize gcov arguments Moderate
CVE-2019-10800 was published for codecov (pip) Jul 14, 2022
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment... Moderate Unreviewed
CVE-2022-31246 was published Jun 18, 2022
OS Command Injection in git-promise High
CVE-2022-24376 was published for git-promise (npm) Jun 11, 2022
lirantal
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API