Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the... Moderate Unreviewed
CVE-2026-23766 was published Jan 15, 2026
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')... Moderate Unreviewed
CVE-2025-66002 was published Jan 8, 2026
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a... Moderate Unreviewed
CVE-2025-14946 was published Dec 19, 2025
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files Moderate
CVE-2025-68144 was published for mcp-server-git (pip) Dec 17, 2025
An improper neutralization of argument delimiters in a command vulnerability has been reported to... Moderate Unreviewed
CVE-2025-62847 was published Dec 16, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43905 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-36565 was published Oct 7, 2025
@conventional-changelog/git-client has Argument Injection vulnerability Moderate
CVE-2025-59433 was published for @conventional-changelog/git-client (npm) Sep 22, 2025
lirantal
Credited to lirantal
An issue was discovered in Commvault before 11.36.60. A security vulnerability has been... Moderate Unreviewed
CVE-2025-57791 was published Aug 20, 2025
Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists... Moderate Unreviewed
CVE-2025-24845 was published Feb 6, 2025
An argument injection vulnerability in the diagnose and import pac commands in WatchGuard... Moderate Unreviewed
CVE-2022-31749 was published Jan 28, 2025
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,... Moderate Unreviewed
CVE-2021-1484 was published Nov 15, 2024
ggit is vulnerable to Arbitrary Argument Injection via the clone() API Moderate
CVE-2024-21533 was published for ggit (npm) Oct 8, 2024
lirantal
Credited to lirantal
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center... Moderate Unreviewed
CVE-2024-20444 was published Oct 2, 2024
git-shallow-clone Argument Injection vulnerability Moderate
CVE-2024-21531 was published for git-shallow-clone (npm) Oct 1, 2024
dsimk
Credited to dsimk
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all... Moderate Unreviewed
CVE-2024-7573 was published Aug 28, 2024
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the... Moderate Unreviewed
CVE-2024-41711 was published Aug 13, 2024
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the... Moderate Unreviewed
CVE-2024-41710 was published Aug 12, 2024
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit,... Moderate Unreviewed
CVE-2024-31966 was published May 2, 2024
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5... Moderate Unreviewed
CVE-2024-3367 was published Apr 16, 2024
gix-transport indirect code execution via malicious username Moderate
CVE-2024-32884 was published for gitoxide (Rust) Apr 15, 2024
EliahKagan
Credited to EliahKagan
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not... Moderate Unreviewed
CVE-2024-3775 was published Apr 15, 2024
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual... Moderate Unreviewed
CVE-2024-20287 was published Jan 17, 2024
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved... Moderate Unreviewed
CVE-2023-20260 was published Jan 17, 2024
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software... Moderate Unreviewed
CVE-2023-6792 was published Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database