Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

209 advisories

Loading
Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists... Moderate Unreviewed
CVE-2025-24845 was published Feb 6, 2025
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of... High Unreviewed
CVE-2025-0065 was published Jan 28, 2025
An argument injection vulnerability in the diagnose and import pac commands in WatchGuard... Moderate Unreviewed
CVE-2022-31749 was published Jan 28, 2025
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0,... High Unreviewed
CVE-2001-0667 was published Apr 30, 2022
A user with administrator privileges can perform command injection High Unreviewed
CVE-2024-9131 was published Jan 11, 2025
go-git has an Argument Injection via the URL field Critical
CVE-2025-21613 was published for github.com/go-git/go-git/v5 (Go) Jan 6, 2025
vin01
Gogs has an argument Injection in the built-in SSH server Critical
CVE-2024-39930 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Gogs allows argument Injection when tagging new releases High
CVE-2024-39933 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930 Critical
GHSA-p69r-v3h4-rj4f was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: Gogs allows argument injection during the tagging of a new release High
GHSA-8mm6-wmpp-mmm3 was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Laravel environment manipulation via query string High
CVE-2024-52301 was published for laravel/framework (Composer) Nov 12, 2024
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command (... High Unreviewed
CVE-2024-51532 was published Dec 19, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated... Critical Unreviewed
CVE-2024-11633 was published Dec 10, 2024
The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed
CVE-2023-29405 was published Jun 8, 2023
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate High
CVE-2022-23915 was published for Weblate (pip) Mar 4, 2022
dellalibera
Codecov does not sanitize gcov arguments High
CVE-2019-10800 was published for codecov (pip) Jul 14, 2022
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,... Moderate Unreviewed
CVE-2021-1484 was published Nov 15, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti... Critical Unreviewed
CVE-2024-38656 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed
CVE-2024-39711 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy... Critical Unreviewed
CVE-2024-39710 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-38655 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed
CVE-2024-39712 was published Nov 13, 2024
git-shallow-clone Argument Injection vulnerability Moderate
CVE-2024-21531 was published for git-shallow-clone (npm) Oct 1, 2024
DSimsek000
Argument injection in python-libnmap Critical
CVE-2022-30284 was published for python-libnmap (pip) May 6, 2022
jefimm
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
paul-gerste-sonarsource neersighted
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database