GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,600
Composer 5,005
Erlang 39
GitHub Actions 38
Go 2,635
Maven 6,103
npm 4,262
NuGet 760
pip 4,057
Pub 12
RubyGems 956
Rust 1,054
Swift 45

Unreviewed advisories

All unreviewed 276,442

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,990 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her... High Unreviewed

CVE-2020-25557 was published May 24, 2022

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php... High Unreviewed

CVE-2020-25538 was published May 24, 2022

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute... Critical Unreviewed

CVE-2020-28347 was published May 24, 2022

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave... Critical Unreviewed

CVE-2020-7128 was published May 24, 2022

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software... High Unreviewed

CVE-2020-7129 was published May 24, 2022

A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or... Critical Unreviewed

CVE-2020-23639 was published May 24, 2022

If exploited, this command injection vulnerability could allow remote attackers to execute... Critical Unreviewed

CVE-2018-19950 was published May 24, 2022

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... Critical Unreviewed

CVE-2020-7373 was published May 24, 2022

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious... High Unreviewed

CVE-2020-7384 was published May 24, 2022

Winston 1.5.4 devices are vulnerable to command injection via the API. Critical Unreviewed

CVE-2020-16257 was published May 24, 2022

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary... Critical Unreviewed

CVE-2018-19949 was published May 24, 2022

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand... High Unreviewed

CVE-2020-27187 was published May 24, 2022

A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software... High Unreviewed

CVE-2020-24632 was published May 24, 2022

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software... High Unreviewed

CVE-2020-24631 was published May 24, 2022

An arbitrary command execution vulnerability exists in the fopen() function of file writes of... Critical Unreviewed

CVE-2020-25483 was published May 24, 2022

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,... High Unreviewed

CVE-2020-5792 was published May 24, 2022

A command injection issue existed in Web Inspector. This issue was addressed with improved... Critical Unreviewed

CVE-2020-9862 was published May 24, 2022

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3... Critical Unreviewed

CVE-2020-13347 was published May 24, 2022

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary... High Unreviewed

CVE-2020-26582 was published May 24, 2022

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter... Critical Unreviewed

CVE-2020-11698 was published May 24, 2022

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite... High Unreviewed

CVE-2020-11117 was published May 24, 2022

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02... High Unreviewed

CVE-2020-25079 was published May 24, 2022

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS... Moderate Unreviewed

CVE-2019-11853 was published May 24, 2022

DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 is affected by a remote... High Unreviewed

CVE-2020-14472 was published May 24, 2022

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an... High Unreviewed

CVE-2020-3224 was published May 24, 2022

Previous 1…87…120 Next

Previous 1 2 … 85 86 87 88 89 … 119 120 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,990 advisories