Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,101 advisories

Loading
The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and... High Unreviewed
CVE-2018-6831 was published May 13, 2022
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5... High Unreviewed
CVE-2018-6791 was published May 13, 2022
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to... High Unreviewed
CVE-2018-6222 was published May 13, 2022
A server auth command injection authentication bypass vulnerability in Trend Micro Smart... Critical Unreviewed
CVE-2018-6231 was published May 13, 2022
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the... Critical Unreviewed
CVE-2018-5347 was published May 13, 2022
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to... High Unreviewed
CVE-2018-20727 was published May 13, 2022
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form... Critical Unreviewed
CVE-2018-20218 was published May 13, 2022
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import... High Unreviewed
CVE-2018-19908 was published May 13, 2022
Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi... Critical Unreviewed
CVE-2018-19168 was published May 13, 2022
In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote... Critical Unreviewed
CVE-2018-19290 was published May 13, 2022
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03... Critical Unreviewed
CVE-2018-18728 was published May 13, 2022
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new... High Unreviewed
CVE-2018-18600 was published May 13, 2022
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows... High Unreviewed
CVE-2018-18638 was published May 13, 2022
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell... Critical Unreviewed
CVE-2018-18555 was published May 13, 2022
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell... Critical Unreviewed
CVE-2018-18322 was published May 13, 2022
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute... High Unreviewed
CVE-2018-17867 was published May 13, 2022
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0... Critical Unreviewed
CVE-2018-17565 was published May 13, 2022
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell... Critical Unreviewed
CVE-2018-17787 was published May 13, 2022
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker... High Unreviewed
CVE-2018-17208 was published May 13, 2022
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an... Critical Unreviewed
CVE-2018-17228 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17064 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17068 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17066 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17063 was published May 13, 2022
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate()... High Unreviewed
CVE-2018-16741 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database