GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,100 advisories

OS Command Injection in git-pull-or-clone
Critical: CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java...
High (Unreviewed): CVE-2010-1423 was published May 2, 2022

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using...
High (Unreviewed): CVE-2010-1132 was published May 2, 2022

The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super...
High (Unreviewed): CVE-2010-0934 was published May 2, 2022

The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote...
High (Unreviewed): CVE-2010-0418 was published May 2, 2022

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated...
High (Unreviewed): CVE-2009-4644 was published May 2, 2022

The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute...
Moderate (Unreviewed): CVE-2009-4498 was published May 2, 2022

Argument injection vulnerability in the traceroute function in Traceroute.php in the...
High (Unreviewed): CVE-2009-4025 was published May 2, 2022

changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell...
High (Unreviewed): CVE-2009-3233 was published May 2, 2022

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via...
High (Unreviewed): CVE-2009-2288 was published May 2, 2022

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0...
High (Unreviewed): CVE-2009-2011 was published May 2, 2022

dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell...
High (Unreviewed): CVE-2009-1916 was published May 2, 2022

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2...
High (Unreviewed): CVE-2009-1792 was published May 2, 2022

Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users...
Moderate (Unreviewed): CVE-2009-0854 was published May 2, 2022

Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to...
Moderate (Unreviewed): CVE-2009-0848 was published May 2, 2022

Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
High: CVE-2009-0258 was published for typo3/cms (Composer) May 2, 2022

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary...
High (Unreviewed): CVE-2008-4304 was published May 2, 2022

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute...
High (Unreviewed): CVE-2008-3076 was published May 1, 2022

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted...
High (Unreviewed): CVE-2008-3074 was published May 1, 2022

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via...
Moderate (Unreviewed): CVE-2008-2575 was published May 1, 2022

eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote...
High (Unreviewed): CVE-2008-2475 was published May 1, 2022

Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a...
Moderate (Unreviewed): CVE-2008-1115 was published May 1, 2022

The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and...
High (Unreviewed): CVE-2007-5653 was published May 1, 2022

Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual...
High (Unreviewed): CVE-2007-5322 was published May 1, 2022

A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0...
Moderate (Unreviewed): CVE-2007-4891 was published May 1, 2022

ProTip! Advisories are also available from the GraphQL API