Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,933
Erlang
39
GitHub Actions
38
Go
2,595
Maven
5,000+
npm
4,247
NuGet
754
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

252 advisories

Loading
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the... Moderate Unreviewed
CVE-2024-41710 was published Aug 12, 2024
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via... High Unreviewed
CVE-2020-12641 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation... Low Unreviewed
CVE-2025-23073 was published Jan 14, 2025
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-43905 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-36565 was published Oct 7, 2025
Unity Editor 2019.1 through 6000.3 could allow remote attackers to exploit file loading and Local... High Unreviewed
CVE-2025-59489 was published Oct 3, 2025
go-mail has insufficient address encoding when passing mail addresses to the SMTP client High
CVE-2025-59937 was published for github.com/wneessen/go-mail (Go) Sep 29, 2025
xclow3n
Credited to xclow3n
asdasdasdasdasdasdasd Critical Unreviewed
CVE-2025-11150 was published Sep 29, 2025
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API Moderate
CVE-2023-26143 was published for blamer (npm) Sep 19, 2023
lirantal
Credited to lirantal
@conventional-changelog/git-client has Argument Injection vulnerability Moderate
CVE-2025-59433 was published for @conventional-changelog/git-client (npm) Sep 22, 2025
lirantal
Credited to lirantal
ggit is vulnerable to Arbitrary Argument Injection via the clone() API Moderate
CVE-2024-21533 was published for ggit (npm) Oct 8, 2024
lirantal
Credited to lirantal
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing... Critical Unreviewed
CVE-2024-35307 was published Jun 10, 2024
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability... High Unreviewed
CVE-2025-47421 was published Sep 3, 2025
A server side request forgery vulnerability was identified in GitHub Enterprise Server that... High Unreviewed
CVE-2024-3684 was published Apr 19, 2024
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument... High Unreviewed
CVE-2025-43730 was published Aug 27, 2025
Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2... High Unreviewed
CVE-2025-1712 was published May 21, 2025
An issue was discovered in Commvault before 11.36.60. A security vulnerability has been... Moderate Unreviewed
CVE-2025-57791 was published Aug 20, 2025
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
gix-transport code execution vulnerability Moderate
CVE-2023-53158 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
Credited to EliahKagan
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions... High Unreviewed
CVE-2025-6231 was published Jul 17, 2025
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions... High Unreviewed
CVE-2025-6232 was published Jul 17, 2025
A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet... High Unreviewed
CVE-2025-52459 was published Jul 11, 2025
A vulnerability exists in Advantech iView that allows for argument injection in the... High Unreviewed
CVE-2025-53509 was published Jul 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database