GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
189 advisories
Filter by severity
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used...
Critical
Unreviewed
CVE-2022-1399
was published
Aug 18, 2022
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
High
CVE-2022-25973
was published
for
mc-kill-port
(npm)
Aug 11, 2022
The Settings application has an argument injection vulnerability. Successful exploitation of this...
High
Unreviewed
CVE-2022-37005
was published
Aug 11, 2022
Apache Hadoop argument injection vulnerability
Critical
CVE-2022-25168
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Aug 5, 2022
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
High
Unreviewed
CVE-2022-36322
was published
Jul 21, 2022
Codecov does not sanitize gcov arguments
Moderate
CVE-2019-10800
was published
for
codecov
(pip)
Jul 14, 2022
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment...
Moderate
Unreviewed
CVE-2022-31246
was published
Jun 18, 2022
OS Command Injection in git-promise
High
CVE-2022-24376
was published
for
git-promise
(npm)
Jun 11, 2022
Arbitrary file write in dragonfly
Critical
CVE-2021-33473
was published
for
dragonfly
(RubyGems)
Jun 3, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
Critical
Unreviewed
CVE-2020-5648
was published
May 24, 2022
Within the function HandleFileArg the argument filepattern is under control of the user who...
High
Unreviewed
CVE-2021-21814
was published
May 24, 2022
In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces...
High
Unreviewed
CVE-2021-38112
was published
May 24, 2022
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery...
High
Unreviewed
CVE-2021-41316
was published
May 24, 2022
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated,...
High
Unreviewed
CVE-2021-34718
was published
May 24, 2022
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung...
High
Unreviewed
CVE-2021-35062
was published
May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an...
Critical
Unreviewed
CVE-2021-31698
was published
May 24, 2022
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface...
Moderate
Unreviewed
CVE-2021-3045
was published
May 24, 2022
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish...
High
Unreviewed
CVE-2021-3540
was published
May 24, 2022
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users...
High
Unreviewed
CVE-2021-34816
was published
May 24, 2022
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access...
High
Unreviewed
CVE-2021-36122
was published
May 24, 2022
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the...
High
Unreviewed
CVE-2021-24002
was published
May 24, 2022
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the...
Moderate
Unreviewed
CVE-2021-3256
was published
May 24, 2022
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote...
High
Unreviewed
CVE-2021-1531
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was...
Critical
Unreviewed
CVE-2021-31909
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API