1. Manuals
  2. Tumbleweed
  3. dnf5
  4. dnf-advisory(8)

Scroll to navigation

DNF5-ADVISORY(8) dnf5 DNF5-ADVISORY(8)

NAME

dnf5-advisory - Advisory Command

SYNOPSIS

dnf5 advisory <subcommand> [options] [<advisory-spec>...]

DESCRIPTION

The advisory command in DNF5 offers several queries for getting information about advisories and packages related to them.

Optional advisory-spec arguments could be passed to filter only advisories with given names.

Note:

The updateinfo command is available as a compatibility alias for advisory. For example, dnf5 updateinfo list is equivalent to dnf5 advisory list.


SUBCOMMANDS

List advisories matching the specified criteria.
Displays a table with the following columns: Name (advisory ID), Type, Severity, Package (NEVRA), and Issued (date).
When --with-bz or --with-cve is specified, the first column shows the Bugzilla or CVE reference ID instead of the advisory name.
Installed advisory packages are highlighted in green.

Print detailed information about advisories.
For each matching advisory, displays: Name, Title, Severity, Type, Status, Vendor, Issued date, Description, Message, Rights, References (with Title, Id, Type, and URL), and affected packages/modules organized by collection.

Print a summary count of advisories by type and severity.
Displays a hierarchical summary showing the number of advisories in each category:
Security (with subcategories: Critical, Important, Moderate, Low, Other), Bugfix, Enhancement, and Other.
The output header indicates the filter mode: Available (default), All, Installed, or Updates.


OPTIONS

Show advisories containing any version of installed packages.

Show advisories containing newer versions of installed packages. This is the default behavior.

Show advisories containing equal and older versions of installed packages.

Show advisories containing newer versions of installed packages for which a newer version is available.

Show only advisories containing packages with specified names.
This is a list option.
Only installed packages are matched. Globs are supported.


Include content contained in security advisories.


Include content contained in bugfix advisories.


Include content contained in enhancement advisories.


Include content contained in newpackage advisories.


Include content contained in advisories with specified severity.
This is a list option.
Accepted values are: critical, important, moderate, low, none.


Include content contained in advisories that fix a ticket of the given Bugzilla ID.
This is a list option.
Expected values are numeric IDs, e.g. 123123.
Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the --skip-unavailable switch.


Include content contained in advisories that fix a ticket of the given CVE (Common Vulnerabilities and Exposures) ID.
This is a list option.
Expected values are string IDs in CVE format, e.g. CVE-2201-0123.
Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the --skip-unavailable switch.


Show only advisories referencing a Bugzilla ticket.

Show only advisories referencing a CVE ticket.

Request JSON output format for machine-readable results.
Available for list and info subcommands only.


EXAMPLES

Show detailed info about advisory with given name.

Show a summary of advisories containing kernel or kernel-core packages and referencing any Bugzilla ticket.

Show a list of security advisories or advisories with important severity.

List all advisories in JSON format for programmatic processing.

List advisories with CVE references in JSON format (extended format).

Show detailed info about advisory in JSON format.


JSON OUTPUT

dnf5 advisory list --json

The command returns a JSON array, each element describing one advisory.

Basic format (without --with-cve or --with-bz):

  • name (string) - Advisory identifier.
  • type (string) - Advisory type (security, bugfix, enhancement).
  • severity (string) - Advisory severity level.
  • nevra (string) - Package name-epoch:version-release.architecture.
  • buildtime (integer) - Advisory build time, UNIX time.

Extended format (with --with-cve or --with-bz):

  • advisory_name (string) - Advisory identifier.
  • advisory_type (string) - Advisory type (security, bugfix, enhancement).
  • advisory_severity (string) - Advisory severity level.
  • advisory_buildtime (integer) - Advisory build time, UNIX time.
  • nevra (string) - Package name-epoch:version-release.architecture.
  • references (array) - List of references (CVE/Bugzilla). Each reference contains:
  • reference_id (string) - Reference identifier (e.g., CVE-2024-1234).
  • reference_type (string) - Reference type (cve or bugzilla).


dnf5 advisory info --json

The command returns a JSON array, each element containing detailed advisory information. Each advisory object contains the following fields:

  • Name (string) - Advisory name/identifier.
  • Title (string) - Advisory title.
  • Type (string) - Advisory type (security, bugfix, enhancement).
  • Severity (string) - Advisory severity level.
  • Status (string) - Advisory status.
  • Vendor (string) - Advisory vendor.
  • Issued (integer) - Advisory issue time, UNIX time.
  • Description (string) - Detailed advisory description.
  • Message (string) - Advisory message.
  • Rights (string) - Advisory rights/copyright information.
  • references (array) - List of references (CVE, Bugzilla, etc.). Each reference contains:
  • Title (string) - Reference title.
  • Id (string) - Reference identifier (e.g., CVE-2024-1234).
  • Type (string) - Reference type (cve, bugzilla, etc.).
  • Url (string) - Reference URL.

collections (object) - Package and module collections affected by the advisory:
  • packages (array) - List of affected package NEVRAs (only present if packages exist).
  • modules (array) - List of affected module NSVCAs (only present if modules exist).


For empty results:

  • dnf5 advisory list --json returns [] (empty array).
  • dnf5 advisory info --json returns [] (empty array).

Author

See AUTHORS.md in dnf5 source distribution.

Copyright

Contributors to the dnf5 project.

February 19, 2026