Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,518
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,758
Pub
13
RubyGems
1,036
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd... High Unreviewed
CVE-2025-32455 was published Jun 8, 2025
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options.... High Unreviewed
CVE-2022-37027 was published Sep 22, 2022
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability... High Unreviewed
CVE-2025-3945 was published May 22, 2025
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service ... Critical Unreviewed
CVE-2021-26937 was published May 24, 2022
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable... High Unreviewed
CVE-2021-46850 was published Oct 24, 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection... Critical Unreviewed
CVE-2022-45062 was published Nov 9, 2022
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was... High Unreviewed
CVE-2022-23740 was published Nov 23, 2022
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team... High Unreviewed
CVE-2022-46883 was published Dec 22, 2022
DevDojo Voyager Argument Injection vulnerability Critical
CVE-2025-32931 was published for tcg/voyager (Composer) Apr 14, 2025
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5... High Unreviewed
CVE-2007-0882 was published May 1, 2022
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail()... High Unreviewed
CVE-2001-1246 was published Apr 30, 2022
A vulnerability was found in Pagure. An argument injection in Git during retrieval of the... Critical Unreviewed
CVE-2024-47516 was published Mar 26, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user Low
CVE-2025-27146 was published for matrix-appservice-irc (npm) Feb 25, 2025
funderscore1 Credited to funderscore1
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.... High Unreviewed
CVE-2023-47804 was published Dec 29, 2023
Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists... Moderate Unreviewed
CVE-2025-24845 was published Feb 6, 2025
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of... High Unreviewed
CVE-2025-0065 was published Jan 28, 2025
An argument injection vulnerability in the diagnose and import pac commands in WatchGuard... Moderate Unreviewed
CVE-2022-31749 was published Jan 28, 2025
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0,... High Unreviewed
CVE-2001-0667 was published Apr 30, 2022
A user with administrator privileges can perform command injection High Unreviewed
CVE-2024-9131 was published Jan 11, 2025
go-git has an Argument Injection via the URL field Critical
CVE-2025-21613 was published for github.com/go-git/go-git/v5 (Go) Jan 6, 2025
vin01 Credited to vin01
Gogs has an argument Injection in the built-in SSH server Critical
CVE-2024-39930 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs Credited to swapgs
Gogs allows argument Injection when tagging new releases High
CVE-2024-39933 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs Credited to swapgs
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930 Critical
GHSA-p69r-v3h4-rj4f was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: Gogs allows argument injection during the tagging of a new release High
GHSA-8mm6-wmpp-mmm3 was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Laravel environment manipulation via query string High
CVE-2024-52301 was published for laravel/framework (Composer) Nov 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database