Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

33 advisories

Loading
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti... Critical Unreviewed
CVE-2024-38656 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed
CVE-2024-39711 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy... Critical Unreviewed
CVE-2024-39710 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed
CVE-2024-39712 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-38655 was published Nov 13, 2024
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0).... Critical Unreviewed
CVE-2024-47553 was published Oct 8, 2024
The product allows user input to control or influence paths or file names that are used in... Critical Unreviewed
CVE-2024-3980 was published Aug 27, 2024
There is a command injection problem in the old version of the mobile phone backup app. Critical Unreviewed
CVE-2023-26310 was published Aug 9, 2023
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message... Critical Unreviewed
CVE-2023-33378 was published Aug 4, 2023
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command... Critical Unreviewed
CVE-2023-33376 was published Aug 4, 2023
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service ... Critical Unreviewed
CVE-2021-26937 was published May 24, 2022
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an... Critical Unreviewed
CVE-2019-12148 was published May 24, 2022
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument... Critical Unreviewed
CVE-2019-12147 was published May 24, 2022
An argument injection vulnerability has been identified in the administrative web interface of... Critical Unreviewed
CVE-2023-6269 was published Dec 5, 2023
The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed
CVE-2023-29405 was published Jun 8, 2023
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection... Critical Unreviewed
CVE-2022-45062 was published Nov 9, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Critical Unreviewed
CVE-2020-28367 was published May 24, 2022
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to... Critical Unreviewed
CVE-2017-14591 was published May 17, 2022
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial... Critical Unreviewed
CVE-2018-13385 was published May 13, 2022
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x... Critical Unreviewed
CVE-2018-17456 was published May 13, 2022
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program... Critical Unreviewed
CVE-2018-10992 was published May 13, 2022
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by... Critical Unreviewed
CVE-2019-3463 was published May 13, 2022
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used... Critical Unreviewed
CVE-2022-1399 was published Aug 18, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... Critical Unreviewed
CVE-2020-5648 was published May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an... Critical Unreviewed
CVE-2021-31698 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database