GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Apache Hadoop argument injection vulnerability
Critical
CVE-2022-25168
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Aug 5, 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection...
Critical
Unreviewed
CVE-2022-45062
was published
Nov 9, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
Critical
Unreviewed
CVE-2020-28367
was published
May 24, 2022
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to...
Critical
Unreviewed
CVE-2017-14591
was published
May 17, 2022
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial...
Critical
Unreviewed
CVE-2018-13385
was published
May 13, 2022
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x...
Critical
Unreviewed
CVE-2018-17456
was published
May 13, 2022
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program...
Critical
Unreviewed
CVE-2018-10992
was published
May 13, 2022
Command injection in nodemailer
Critical
CVE-2020-7769
was published
for
nodemailer
(npm)
May 10, 2021
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by...
Critical
Unreviewed
CVE-2019-3463
was published
May 13, 2022
Command injection in git-interface
Critical
CVE-2022-1440
was published
for
git-interface
(npm)
Apr 23, 2022
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used...
Critical
Unreviewed
CVE-2022-1399
was published
Aug 18, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
Critical
Unreviewed
CVE-2020-5648
was published
May 24, 2022
Gitea vulnerable to Argument Injection
Critical
CVE-2022-42968
was published
for
github.com/go-gitea/gitea
(Go)
Oct 16, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an...
Critical
Unreviewed
CVE-2021-31698
was published
May 24, 2022
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote...
Critical
Unreviewed
CVE-2021-24030
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was...
Critical
Unreviewed
CVE-2021-31909
was published
May 24, 2022
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote...
Critical
Unreviewed
CVE-2020-21224
was published
May 24, 2022
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via...
Critical
Unreviewed
CVE-2020-25494
was published
May 24, 2022
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
Critical
Unreviewed
CVE-2022-47926
was published
Dec 22, 2022
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung...
Critical
Unreviewed
CVE-2018-3856
was published
May 13, 2022
Arbitrary file write in dragonfly
Critical
CVE-2021-33473
was published
for
dragonfly
(RubyGems)
Jun 3, 2022
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default...
Critical
Unreviewed
CVE-2020-28026
was published
May 24, 2022
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
Critical
Unreviewed
CVE-2021-43736
was published
Mar 24, 2022
ProTip!
Advisories are also available from the
GraphQL API