Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,278 advisories

Loading
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection High
CVE-2022-25175 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
daniel-beck
Credited to daniel-beck
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Credited to westonsteimel
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Credited to matt-fevold and wass3r
OS Command Injection in Microweber High
CVE-2022-0557 was published for microweber/microweber (Composer) Feb 12, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
OS Command Injection in systeminformation High
CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022
OS Command Injection in ansible High
CVE-2020-1734 was published for ansible (pip) Feb 9, 2022
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier,... High Unreviewed
CVE-2022-21173 was published Feb 9, 2022
A improper neutralization of special elements used in an os command ('os command injection') in... High Unreviewed
CVE-2021-43073 was published Feb 8, 2022
Improper neutralization of special elements used in an OS command ('OS Command Injection')... High Unreviewed
CVE-2021-43928 was published Feb 8, 2022
A improper neutralization of special elements used in an os command ('os command injection') in... High Unreviewed
CVE-2021-41018 was published Feb 3, 2022
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An... High Unreviewed
CVE-2020-28885 was published Jan 29, 2022
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An... High Unreviewed
CVE-2020-28884 was published Jan 29, 2022
An OS command injection vulnerability exists in the device network settings functionality of... High Unreviewed
CVE-2021-40411 was published Jan 29, 2022
An OS command injection vulnerability exists in the device network settings functionality of... High Unreviewed
CVE-2021-40410 was published Jan 29, 2022
An OScommand injection vulnerability exists in the device network settings functionality of... High Unreviewed
CVE-2021-40412 was published Jan 29, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code... High Unreviewed
CVE-2021-36295 was published Jan 27, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code... High Unreviewed
CVE-2021-36296 was published Jan 27, 2022
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an... High Unreviewed
CVE-2021-45844 was published Jan 26, 2022
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an... High Unreviewed
CVE-2021-45845 was published Jan 26, 2022
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain... High Unreviewed
CVE-2021-43589 was published Jan 25, 2022
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local... High Unreviewed
CVE-2021-31854 was published Jan 20, 2022
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker... High Unreviewed
CVE-2021-38965 was published Jan 18, 2022
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the... High Unreviewed
CVE-2021-33827 was published Jan 16, 2022
OS command execution vulnerability in Jenkins Docker Commons Plugin High
CVE-2022-20617 was published for org.jenkins-ci.plugins:docker-commons (Maven) Jan 13, 2022
westonsteimel
Credited to westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database