Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
74
GitHub Actions
54
Go
4,085
Maven
5,000+
npm
5,000+
NuGet
994
pip
5,000+
Pub
13
RubyGems
1,095
Rust
1,413
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

126 advisories

Loading
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability... High Unreviewed
CVE-2026-53694 was published Jun 10, 2026
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency... High Unreviewed
CVE-2026-11332 was published Jun 5, 2026
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release... High Unreviewed
CVE-2026-41013 was published Jun 1, 2026
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection... High Unreviewed
CVE-2026-49373 was published May 29, 2026
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect... High Unreviewed
CVE-2026-3515 was published May 26, 2026
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote... High Unreviewed
CVE-2026-47114 was published May 21, 2026
A hidden console command is vulnerable to command injection flaw when control characters are... High Unreviewed
CVE-2026-7865 was published May 5, 2026
During an internal security assessment, a potential vulnerability was discovered in Lenovo... High Unreviewed
CVE-2026-4145 was published Apr 15, 2026
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and... High Unreviewed
CVE-2023-6634 was published Jan 11, 2024
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to... High Unreviewed
CVE-2026-0634 was published Apr 2, 2026
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF... High Unreviewed
CVE-2026-29954 was published Mar 30, 2026
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the... High Unreviewed
CVE-2024-22182 was published Mar 1, 2024
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters... High Unreviewed
CVE-2004-0411 was published Apr 29, 2022
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter... High Unreviewed
CVE-2004-0121 was published Apr 29, 2022
Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary... High Unreviewed
CVE-2006-1865 was published May 1, 2022
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or... High Unreviewed
CVE-2006-3015 was published May 1, 2022
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can... High Unreviewed
CVE-2025-41761 was published Mar 9, 2026
The Settings application has an argument injection vulnerability. Successful exploitation of this... High Unreviewed
CVE-2022-37005 was published Aug 11, 2022
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute... High Unreviewed
CVE-2026-26514 was published Mar 4, 2026
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2026-0774 was published Jan 23, 2026
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity... High Unreviewed
CVE-2025-67858 was published Jan 8, 2026
Easywall 0.3.1 allows authenticated remote command execution via a command injection... High Unreviewed
CVE-2024-58275 was published Dec 4, 2025
An argument injection vulnerability exists in the affected product that could allow an attacker... High Unreviewed
CVE-2025-12556 was published Nov 6, 2025
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via... High Unreviewed
CVE-2020-12641 was published May 24, 2022
Unity Editor 2019.1 through 6000.3 could allow remote attackers to exploit file loading and Local... High Unreviewed
CVE-2025-59489 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database