GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti...
Critical
Unreviewed
CVE-2024-38656
was published
Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti...
Critical
Unreviewed
CVE-2024-39712
was published
Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti...
Critical
Unreviewed
CVE-2024-39711
was published
Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy...
Critical
Unreviewed
CVE-2024-39710
was published
Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-38655
was published
Nov 13, 2024
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0)....
Critical
Unreviewed
CVE-2024-47553
was published
Oct 8, 2024
The product allows user input to control or influence paths or file
names that are used in...
Critical
Unreviewed
CVE-2024-3980
was published
Aug 27, 2024
github.com/gogs/gogs affected by CVE-2024-39930
Critical
CVE-2024-39930
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Critical
CVE-2024-3817
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 17, 2024
Code execution in Embedchain
Critical
CVE-2024-23731
was published
for
embedchain
(pip)
Jan 21, 2024
An argument injection vulnerability has been identified in the
administrative web interface of...
Critical
Unreviewed
CVE-2023-6269
was published
Dec 5, 2023
There is a command injection problem in the old version of the mobile phone backup app.
Critical
Unreviewed
CVE-2023-26310
was published
Aug 9, 2023
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command...
Critical
Unreviewed
CVE-2023-33376
was published
Aug 4, 2023
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message...
Critical
Unreviewed
CVE-2023-33378
was published
Aug 4, 2023
The go command may execute arbitrary code at build time when using cgo. This may occur when...
Critical
Unreviewed
CVE-2023-29405
was published
Jun 8, 2023
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
Critical
Unreviewed
CVE-2022-47926
was published
Dec 22, 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection...
Critical
Unreviewed
CVE-2022-45062
was published
Nov 9, 2022
Gitea vulnerable to Argument Injection
Critical
CVE-2022-42968
was published
for
github.com/go-gitea/gitea
(Go)
Oct 16, 2022
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used...
Critical
Unreviewed
CVE-2022-1399
was published
Aug 18, 2022
Apache Hadoop argument injection vulnerability
Critical
CVE-2022-25168
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Aug 5, 2022
Arbitrary file write in dragonfly
Critical
CVE-2021-33473
was published
for
dragonfly
(RubyGems)
Jun 3, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
Critical
Unreviewed
CVE-2020-5648
was published
May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an...
Critical
Unreviewed
CVE-2021-31698
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was...
Critical
Unreviewed
CVE-2021-31909
was published
May 24, 2022
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default...
Critical
Unreviewed
CVE-2020-28026
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API