GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,267 advisories
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1...
Critical | Unreviewed | CVE-2017-11588 was published May 13, 2022

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows...
Critical | Unreviewed | CVE-2017-11381 was published May 13, 2022

Codiad Vulnerable to Shell Command Injection
Critical | CVE-2017-11366 was published for codiad/codiad (Composer) May 13, 2022

PIDUsage Enables OS Command Injection
Critical | CVE-2017-1000220 was published for pidusage (npm) May 13, 2022

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection...
Critical | Unreviewed | CVE-2017-1000215 was published May 13, 2022

Mercurial is vulnerable to shell injection attack
Critical | CVE-2017-1000116 was published for mercurial (pip) May 13, 2022

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1...
Critical | Unreviewed | CVE-2017-3936 was published May 13, 2022

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could...
Critical | Unreviewed | CVE-2017-6714 was published May 13, 2022

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the...
Critical | Unreviewed | CVE-2018-19007 was published May 13, 2022

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default...
Critical | Unreviewed | CVE-2018-5553 was published May 13, 2022

Within multiple XEROX products a vulnerability allows remote command execution on the Linux...
Critical | Unreviewed | CVE-2019-10880 was published May 13, 2022

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5...
Critical | Unreviewed | CVE-2018-14701 was published May 13, 2022

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras...
Critical | Unreviewed | CVE-2017-17105 was published May 13, 2022

cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute...
Critical | Unreviewed | CVE-2017-18025 was published May 13, 2022

Mercurial vulnerable to arbitrary code injection
Critical | CVE-2017-17458 was published for mercurial (pip) May 13, 2022

Akeneo PIM vulnerable to shell injection in the mass edition
Critical | CVE-2017-1000009 was published for akeneo/pim-community-dev (Composer) May 13, 2022

elFinder command injection vulnerability in the PHP connector
Critical | CVE-2019-9194 was published for studio-42/elfinder (Composer) May 13, 2022

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively....
Critical | Unreviewed | CVE-2019-9121 was published May 13, 2022

daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via...
Critical | Unreviewed | CVE-2019-8427 was published May 13, 2022

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An...
Critical | Unreviewed | CVE-2019-4202 was published May 13, 2022

The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05...
Critical | Unreviewed | CVE-2018-20122 was published May 13, 2022

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote...
Critical | Unreviewed | CVE-2018-14357 was published May 13, 2022

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote...
Critical | Unreviewed | CVE-2018-14354 was published May 13, 2022

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to...
Critical | Unreviewed | CVE-2018-0349 was published May 13, 2022

smalruby and smalruby-editor vulnerable to OS Command Injection
Critical | CVE-2017-2096 was published for smalruby (RubyGems) May 13, 2022

ProTip! Advisories are also available from the GraphQL API.