dnf5-advisory - Man Page

Advisory Command

Synopsis

dnf5 advisory <subcommand> [options] [<advisory-spec>...]

Description

The advisory command in DNF5 offers several queries for getting information about advisories and packages related to them.

Optional advisory-spec arguments could be passed to filter only advisories with given names.

Subcommands

list

List available advisories.

info

Print details about advisories.

summary

Print a summary of advisories.

Options

--all

Show advisories containing any version of installed packages.

--available

Show advisories containing newer versions of installed packages. This is the default behavior.

--installed

Show advisories containing equal and older versions of installed packages.

--updates

Show advisories containing newer versions of installed packages for which a newer version is available.

--contains-pkgs=PACKAGE_NAME,...

Show only advisories containing packages with specified names.
This is a list option.
Only installed packages are matched. Globs are supported.

--security

Include content contained in security advisories.

--bugfix

Include content contained in bugfix advisories.

--enhancement

Include content contained in enhancement advisories.

--newpackage

Include content contained in newpackage advisories.

--advisory-severities=ADVISORY_SEVERITY,...

Include content contained in advisories with specified severity.
This is a list option.
Accepted values are: critical, important, moderate, low, none.

--bzs=BUGZILLA_ID,...

Include content contained in advisories that fix a ticket of the given Bugzilla ID.
This is a list option.
Expected values are numeric IDs, e.g. 123123.
Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the --skip-unavailable switch.

--cves=CVE_ID,...

Include content contained in advisories that fix a ticket of the given CVE (Common Vulnerabilities and Exposures) ID.
This is a list option.
Expected values are string IDs in CVE format, e.g. CVE-2201-0123.
Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the --skip-unavailable switch.

--with-bz

Show only advisories referencing a Bugzilla ticket.

--with-cve

Show only advisories referencing a CVE ticket.

--json

Request JSON output format for machine-readable results.
Available for list and info subcommands only.

Examples

dnf5 advisory info FEDORA-2022-07aa56297a

Show detailed info about advisory with given name.

dnf5 advisory summary --contains-pkgs=kernel,kernel-core --with-bz

Show a summary of advisories containing kernel or kernel-core packages and referencing any Bugzilla ticket.

dnf5 advisory list --security --advisory-severities=important

Show a list of security advisories or advisories with important severity.

dnf5 advisory list --json

List all advisories in JSON format for programmatic processing.

dnf5 advisory list --json --with-cve

List advisories with CVE references in JSON format (extended format).

dnf5 advisory info FEDORA-2022-07aa56297a --json

Show detailed info about advisory in JSON format.

JSON Output

dnf5 advisory list --json

The command returns a JSON array, each element describing one advisory.

Basic format (without --with-cve or --with-bz):

name (string) - Advisory identifier.
type (string) - Advisory type (security, bugfix, enhancement).
severity (string) - Advisory severity level.
nevra (string) - Package name-epoch:version-release.architecture.
buildtime (integer) - Advisory build time, UNIX time.

Extended format (with --with-cve or --with-bz):

advisory_name (string) - Advisory identifier.
advisory_type (string) - Advisory type (security, bugfix, enhancement).
advisory_severity (string) - Advisory severity level.
advisory_buildtime (integer) - Advisory build time, UNIX time.
nevra (string) - Package name-epoch:version-release.architecture.
references (array) - List of references (CVE/Bugzilla). Each reference contains:
- reference_id (string) - Reference identifier (e.g., CVE-2024-1234).
- reference_type (string) - Reference type (cve or bugzilla).
dnf5 advisory info --json

The command returns a JSON array, each element containing detailed advisory information. Each advisory object contains the following fields:

Name (string) - Advisory name/identifier.
Title (string) - Advisory title.
Type (string) - Advisory type (security, bugfix, enhancement).
Severity (string) - Advisory severity level.
Status (string) - Advisory status.
Vendor (string) - Advisory vendor.
Issued (integer) - Advisory issue time, UNIX time.
Description (string) - Detailed advisory description.
Message (string) - Advisory message.
Rights (string) - Advisory rights/copyright information.
references (array) - List of references (CVE, Bugzilla, etc.). Each reference contains:
- Title (string) - Reference title.
- Id (string) - Reference identifier (e.g., CVE-2024-1234).
- Type (string) - Reference type (cve, bugzilla, etc.).
- Url (string) - Reference URL.
collections (object) - Package and module collections affected by the advisory:
- packages (array) - List of affected package NEVRAs (only present if packages exist).
- modules (array) - List of affected module NSVCAs (only present if modules exist).

For empty results:

dnf5 advisory list --json returns [] (empty array).
dnf5 advisory info --json returns [] (empty array).

Author

See AUTHORS.md in dnf5 source distribution.

Copyright

Contributors to the dnf5 project.

Referenced By

dnf5(8), dnf5-do(8), dnf5-install(8), dnf5-repoquery(8), dnf5-upgrade(8).

The man page dnf-advisory(8) is an alias of dnf5-advisory(8).

Nov 05, 2025 dnf5