dnf5-advisory - Man Page

Advisory Command

Synopsis

dnf5 advisory <subcommand> [options] [<advisory-spec>...]

Description

The advisory command in DNF5 offers several queries for getting information about advisories and packages related to them.

Optional advisory-spec arguments could be passed to filter only advisories with given names.

Note:

The updateinfo command is available as a compatibility alias for advisory. For example, dnf5 updateinfo list is equivalent to dnf5 advisory list.

Subcommands

list

List advisories matching the specified criteria.
Displays a table with the following columns: Name (advisory ID), Type, Severity, Package (NEVRA), and Issued (date).
When --with-bz or --with-cve is specified, the first column shows the Bugzilla or CVE reference ID instead of the advisory name.
Installed advisory packages are highlighted in green.

info

Print detailed information about advisories.
For each matching advisory, displays: Name, Title, Severity, Type, Status, Vendor, Issued date, Description, Message, Rights, References (with Title, Id, Type, and URL), and affected packages/modules organized by collection.

summary

Print a summary count of advisories by type and severity.
Displays a hierarchical summary showing the number of advisories in each category:
Security (with subcategories: Critical, Important, Moderate, Low, Other), Bugfix, Enhancement, and Other.
The output header indicates the filter mode: Available (default), All, Installed, or Updates.

Options

--all

Show advisories containing any version of installed packages.

--available

Show advisories containing newer versions of installed packages. This is the default behavior.

--installed

Show advisories containing equal and older versions of installed packages.

--updates

Show advisories containing newer versions of installed packages for which a newer version is available.

--contains-pkgs=PACKAGE_NAME,...

Show only advisories containing packages with specified names.
This is a list option.
Only installed packages are matched. Globs are supported.

--security

Include content contained in security advisories.

--bugfix

Include content contained in bugfix advisories.

--enhancement

Include content contained in enhancement advisories.

--newpackage

Include content contained in newpackage advisories.

--advisory-severities=ADVISORY_SEVERITY,...

Include content contained in advisories with specified severity.
This is a list option.
Accepted values are: critical, important, moderate, low, none.

--bzs=BUGZILLA_ID,...

Include content contained in advisories that fix a ticket of the given Bugzilla ID.
This is a list option.
Expected values are numeric IDs, e.g. 123123.
Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the --skip-unavailable switch.

--cves=CVE_ID,...

Include content contained in advisories that fix a ticket of the given CVE (Common Vulnerabilities and Exposures) ID.
This is a list option.
Expected values are string IDs in CVE format, e.g. CVE-2201-0123.
Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the --skip-unavailable switch.

--with-bz

Show only advisories referencing a Bugzilla ticket.

--with-cve

Show only advisories referencing a CVE ticket.

--json

Request JSON output format for machine-readable results.
Available for list and info subcommands only.

Examples

dnf5 advisory info FEDORA-2022-07aa56297a

Show detailed info about advisory with given name.

dnf5 advisory summary --contains-pkgs=kernel,kernel-core --with-bz

Show a summary of advisories containing kernel or kernel-core packages and referencing any Bugzilla ticket.

dnf5 advisory list --security --advisory-severities=important

Show a list of security advisories or advisories with important severity.

dnf5 advisory list --json

List all advisories in JSON format for programmatic processing.

dnf5 advisory list --json --with-cve

List advisories with CVE references in JSON format (extended format).

dnf5 advisory info FEDORA-2022-07aa56297a --json

Show detailed info about advisory in JSON format.

JSON Output

dnf5 advisory list --json

The command returns a JSON array, each element describing one advisory.

Basic format (without --with-cve or --with-bz):

name (string) - Advisory identifier.
type (string) - Advisory type (security, bugfix, enhancement).
severity (string) - Advisory severity level.
nevra (string) - Package name-epoch:version-release.architecture.
buildtime (integer) - Advisory build time, UNIX time.

Extended format (with --with-cve or --with-bz):

advisory_name (string) - Advisory identifier.
advisory_type (string) - Advisory type (security, bugfix, enhancement).
advisory_severity (string) - Advisory severity level.
advisory_buildtime (integer) - Advisory build time, UNIX time.
nevra (string) - Package name-epoch:version-release.architecture.
references (array) - List of references (CVE/Bugzilla). Each reference contains:
- reference_id (string) - Reference identifier (e.g., CVE-2024-1234).
- reference_type (string) - Reference type (cve or bugzilla).
dnf5 advisory info --json

The command returns a JSON array, each element containing detailed advisory information. Each advisory object contains the following fields:

Name (string) - Advisory name/identifier.
Title (string) - Advisory title.
Type (string) - Advisory type (security, bugfix, enhancement).
Severity (string) - Advisory severity level.
Status (string) - Advisory status.
Vendor (string) - Advisory vendor.
Issued (integer) - Advisory issue time, UNIX time.
Description (string) - Detailed advisory description.
Message (string) - Advisory message.
Rights (string) - Advisory rights/copyright information.
references (array) - List of references (CVE, Bugzilla, etc.). Each reference contains:
- Title (string) - Reference title.
- Id (string) - Reference identifier (e.g., CVE-2024-1234).
- Type (string) - Reference type (cve, bugzilla, etc.).
- Url (string) - Reference URL.
collections (object) - Package and module collections affected by the advisory:
- packages (array) - List of affected package NEVRAs (only present if packages exist).
- modules (array) - List of affected module NSVCAs (only present if modules exist).

For empty results:

dnf5 advisory list --json returns [] (empty array).
dnf5 advisory info --json returns [] (empty array).

Author

See AUTHORS.md in dnf5 source distribution.

Copyright

Contributors to the dnf5 project.

Referenced By

dnf5(8), dnf5-do(8), dnf5-install(8), dnf5-repoquery(8), dnf5-upgrade(8).

The man page dnf-advisory(8) is an alias of dnf5-advisory(8).

Mar 02, 2026 dnf5