GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,992 advisories
image-tiler susceptible to command injection
Critical
CVE-2020-28451 was published for image-tiler (npm) Aug 3, 2022

node-latex-pdf is susceptible to command injection
Critical
CVE-2020-28433 was published for node-latex-pdf (npm) Aug 3, 2022

gitblame susceptible to command injection
Critical
CVE-2020-28434 was published for gitblame (npm) Aug 3, 2022

A vulnerability was found in Exciting Printer and classified as critical. This issue affects some...
Critical, Unreviewed
CVE-2017-20156 was published Dec 31, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
High, Unreviewed
CVE-2021-38519 was published May 24, 2022

heroku-env susceptible to command injection
Critical
CVE-2020-28437 was published for heroku-env (npm) Aug 3, 2022

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering...
Critical, Unreviewed
CVE-2021-38173 was published May 24, 2022

get-npm-package-version Command Injection vulnerability
Critical
CVE-2020-7795 was published for get-npm-package-version (npm) Aug 3, 2022

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext...
Moderate, Unreviewed
CVE-2021-38373 was published May 24, 2022

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses...
Moderate, Unreviewed
CVE-2021-38372 was published May 24, 2022

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.
High, Unreviewed
CVE-2021-38169 was published May 24, 2022

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary,...
Critical, Unreviewed
CVE-2021-36707 was published May 24, 2022

A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX...
Critical, Unreviewed
CVE-2020-21935 was published May 24, 2022

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox...
High, Unreviewed
CVE-2021-22125 was published May 24, 2022

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to...
Critical, Unreviewed
CVE-2021-32529 was published May 24, 2022

Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into...
High, Unreviewed
CVE-2020-23219 was published May 24, 2022

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler....
High, Unreviewed
CVE-2020-17759 was published May 24, 2022

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web...
High, Unreviewed
CVE-2021-34592 was published Apr 28, 2022

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the...
Moderate, Unreviewed
CVE-2021-28275 was published Mar 24, 2022

An attacker could leverage an API to pass along a malicious file that could then manipulate the...
Critical, Unreviewed
CVE-2021-32933 was published Apr 3, 2022

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary...
High, Unreviewed
CVE-2021-28811 was published May 24, 2022

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
Critical, Unreviewed
CVE-2020-28908 was published May 24, 2022

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to...
Critical, Unreviewed
CVE-2020-28902 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business...
High, Unreviewed
CVE-2021-1550 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business...
High, Unreviewed
CVE-2021-1547 was published May 24, 2022