GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
phpxmlrpc vulnerable to argument injection
Moderate
GHSA-q7qq-9gx2-ggxv
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Dec 2, 2022
Argument Injection in Apache Geode server
Moderate
CVE-2017-15694
was published
for
org.apache.geode:geode-core
(Maven)
Jun 26, 2019
Command injection in Rancher Git package
Moderate
CVE-2022-43758
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Remote command injection when using sendmail email transport
Moderate
GHSA-wfrj-qqc2-83cm
was published
for
ghost
(npm)
Sep 20, 2021
Froxlor vulnerable to Argument Injection
Moderate
CVE-2022-4864
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Moderate
CVE-2021-43809
was published
for
bundler
(RubyGems)
Dec 8, 2021
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Moderate
CVE-2023-26143
was published
for
blamer
(npm)
Sep 19, 2023
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
gix-transport code execution vulnerability
Moderate
GHSA-rrjw-j4m2-mf34
was published
for
gix-transport
(Rust)
Sep 25, 2023
Codecov does not sanitize gcov arguments
Moderate
CVE-2019-10800
was published
for
codecov
(pip)
Jul 14, 2022
Header injection possible in Django
Moderate
CVE-2021-32052
was published
for
Django
(pip)
Jun 9, 2021
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Moderate
CVE-2024-21533
was published
for
ggit
(npm)
Oct 8, 2024
git-shallow-clone Argument Injection vulnerability
Moderate
CVE-2024-21531
was published
for
git-shallow-clone
(npm)
Oct 1, 2024
ProTip!
Advisories are also available from the
GraphQL API