GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,104 advisories
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget.
Critical
Unreviewed
CVE-2018-14494 was published May 24, 2022
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4,...
High
Unreviewed
CVE-2019-6621 was published May 24, 2022
Prima Systems FlexAir devices allow Authenticated Command Injection resulting in Root Remote Code...
High
Unreviewed
CVE-2019-7670 was published May 24, 2022
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2...
Critical
Unreviewed
CVE-2019-11829 was published May 24, 2022
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by...
High
Unreviewed
CVE-2019-12997 was published May 24, 2022
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and...
High
Unreviewed
CVE-2019-3631 was published May 24, 2022
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and...
High
Unreviewed
CVE-2019-3630 was published May 24, 2022
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of...
High
Unreviewed
CVE-2018-16118 was published May 24, 2022
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence...
High
Unreviewed
CVE-2019-1878 was published May 24, 2022
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an...
High
Unreviewed
CVE-2019-1879 was published May 24, 2022
Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell...
Critical
Unreviewed
CVE-2018-18472 was published May 24, 2022
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an...
Critical
Unreviewed
CVE-2018-16618 was published May 24, 2022
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell...
High
Unreviewed
CVE-2018-16593 was published May 24, 2022
app/operator_panel/exec.php in the Operator Panel module in FreePBX 4.4.3 suffers from a command...
High
Unreviewed
CVE-2019-11409 was published May 24, 2022
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
High
Unreviewed
CVE-2019-12181 was published May 24, 2022
In OrangeHRM 4.3.1 and before, there is an input validation error within admin...
High
Unreviewed
CVE-2019-12839 was published May 24, 2022
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by...
High
Unreviewed
CVE-2019-3409 was published May 24, 2022
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution...
Critical
Unreviewed
CVE-2019-3412 was published May 24, 2022
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow...
Critical
Unreviewed
CVE-2018-20841 was published May 24, 2022
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the...
Critical
Unreviewed
CVE-2019-12780 was published May 24, 2022
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi...
Critical
Unreviewed
CVE-2019-12771 was published May 24, 2022
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an...
High
Unreviewed
CVE-2018-10702 was published May 24, 2022
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping...
High
Unreviewed
CVE-2018-10697 was published May 24, 2022
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.
High
Unreviewed
CVE-2019-9156 was published May 24, 2022
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient...
Critical
Unreviewed
CVE-2019-10149 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.