GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,102 advisories
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0...
High • Unreviewed • CVE-2015-5690 was published May 17, 2022

install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to...
High • Unreviewed • CVE-2015-6008 was published May 17, 2022

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote...
Moderate • Unreviewed • CVE-2015-7901 was published May 17, 2022

PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users...
Moderate • Unreviewed • CVE-2015-7774 was published May 17, 2022

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and...
High • Unreviewed • CVE-2015-8024 was published May 17, 2022

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS...
Moderate • Unreviewed • CVE-2016-1320 was published May 17, 2022

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and...
Critical • Unreviewed • CVE-2015-4642 was published May 17, 2022

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2...
High • Unreviewed • CVE-2016-5679 was published May 17, 2022

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute...
High • Unreviewed • CVE-2015-6396 was published May 14, 2022

Ruckus Wireless H500 web management interface authenticated command injection
High • Unreviewed • CVE-2016-1000216 was published May 17, 2022

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an...
High • Unreviewed • CVE-2016-2876 was published May 17, 2022

Neo4J vulnerable to Cross-Site Request Forgery
High • CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022

An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module,...
Moderate • Unreviewed • CVE-2025-26055 was published Apr 1, 2025

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users,...
High • Unreviewed • CVE-2022-40005 was published Dec 25, 2022

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection...
Critical • Unreviewed • CVE-2022-45709 was published Dec 23, 2022

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the...
Critical • Unreviewed • CVE-2022-45717 was published Dec 23, 2022

TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the...
Critical • Unreviewed • CVE-2025-28138 was published Mar 27, 2025

Drupal AI Vulnerable to OS Command Injection
Moderate • CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025

The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command...
Critical • Unreviewed • CVE-2025-28137 was published Apr 15, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical • Unreviewed • CVE-2023-25699 was published Apr 3, 2024

Duplicate Advisory: D-Tale Command Injection vulnerability
Critical • CVE-2025-0655 was published for dtale (pip) Mar 20, 2025 • withdrawn

OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters...
Critical • Unreviewed • CVE-2019-25024 was published May 24, 2022

Elasticsearch Logstash allows remote attackers to execute arbitrary commands
High • CVE-2014-4326 was published for logstash (RubyGems) May 14, 2022

Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
High • CVE-2024-53305 was published for whoogle-search (pip) Apr 16, 2025

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac...
Critical • Unreviewed • CVE-2022-46538 was published Dec 20, 2022

ProTip! Advisories are also available from the GraphQL API