Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,259
NuGet
760
pip
4,052
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,989 advisories

Loading
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to... Critical Unreviewed
CVE-2014-1203 was published May 13, 2022
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19,... Critical Unreviewed
CVE-2017-15940 was published May 13, 2022
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that... High Unreviewed
CVE-2015-8971 was published May 13, 2022
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2... High Unreviewed
CVE-2017-15889 was published May 13, 2022
Apache Thrift Go Library Command Injection High
CVE-2016-5397 was published for github.com/apache/thrift (Go) May 13, 2022
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command... Critical Unreviewed
CVE-2015-9059 was published May 13, 2022
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended... Critical Unreviewed
CVE-2017-7977 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated... High Unreviewed
CVE-2017-1407 was published May 13, 2022
Liferay Portal vulnerable to arbitrary command injection Moderate
CVE-2011-1571 was published for com.liferay.portal:portal-service (Maven) May 13, 2022
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection... High Unreviewed
CVE-2017-2718 was published May 13, 2022
Command Injection in VIVO Vitro High
CVE-2019-6986 was published for org.vivoweb:vitro-project (Maven) May 13, 2022
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute... Critical Unreviewed
CVE-2015-2857 was published May 13, 2022
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the... Critical Unreviewed
CVE-2017-7876 was published May 13, 2022
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly... High Unreviewed
CVE-2019-0541 was published May 13, 2022
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if... High Unreviewed
CVE-2016-7076 was published May 13, 2022
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local... High Unreviewed
CVE-2019-1646 was published May 13, 2022
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a... Low Unreviewed
CVE-2010-2008 was published May 13, 2022
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper... Critical Unreviewed
CVE-2018-1000802 was published May 13, 2022
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with `... Critical Unreviewed
CVE-2016-10182 was published May 13, 2022
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim... Moderate Unreviewed
CVE-2010-4345 was published May 13, 2022
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via... High Unreviewed
CVE-2014-7208 was published May 13, 2022
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a... High Unreviewed
CVE-2019-1000018 was published May 13, 2022
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. High Unreviewed
CVE-2014-9114 was published May 13, 2022
Apache Directory Studio Command Injection High
CVE-2015-5349 was published for org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core (Maven) May 13, 2022
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in... High Unreviewed
CVE-2016-6270 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database