GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,279 advisories
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and...
High | Unreviewed | CVE-2018-16200 was published May 14, 2022

An exploitable authenticated command-injection vulnerability exists in the web server...
High | Unreviewed | CVE-2018-19659 was published May 14, 2022

An exploitable authenticated command-injection vulnerability exists in the web server...
High | Unreviewed | CVE-2018-19660 was published May 14, 2022

The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and...
High | Unreviewed | CVE-2015-0525 was published May 14, 2022

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command...
High | Unreviewed | CVE-2019-7298 was published May 14, 2022

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command...
High | Unreviewed | CVE-2019-7632 was published May 14, 2022

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the...
High | Unreviewed | CVE-2018-0677 was published May 14, 2022

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an...
High | Unreviewed | CVE-2018-12237 was published May 14, 2022

The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky...
High | Unreviewed | CVE-2018-15007 was published May 14, 2022

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows...
High | Unreviewed | CVE-2010-1885 was published May 14, 2022

** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote...
High | Unreviewed | CVE-2018-7046 was published May 14, 2022

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not...
High | Unreviewed | CVE-2018-7187 was published May 14, 2022

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13...
High | Unreviewed | CVE-2018-8735 was published May 14, 2022

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote...
High | Unreviewed | CVE-2018-20323 was published May 14, 2022

Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
High | CVE-2014-3576 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022

An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection...
High | Unreviewed | CVE-2018-17990 was published May 14, 2022

An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The...
High | Unreviewed | CVE-2018-5757 was published May 14, 2022

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an...
High | Unreviewed | CVE-2019-11001 was published May 14, 2022

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as...
High | Unreviewed | CVE-2017-16667 was published May 14, 2022

OS Command Injection in Jenkins
High | CVE-2017-1000393 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

CouchDB administrative users can configure the database server via HTTP(S). Some of the...
High | Unreviewed | CVE-2017-12636 was published May 14, 2022

Elasticsearch Logstash allows remote attackers to execute arbitrary commands
High | CVE-2014-4326 was published for logstash (RubyGems) May 14, 2022

Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an...
High | Unreviewed | CVE-2021-42969 was published May 14, 2022

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile,...
High | Unreviewed | CVE-2017-17405 was published May 13, 2022

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing...
High | Unreviewed | CVE-2018-9077 was published May 13, 2022