GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,100 advisories
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows...
Severity: High (Unreviewed). CVE-2007-4673 was published May 1, 2022

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to...
Severity: High (Unreviewed). CVE-2007-4560 was published May 1, 2022

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote...
Severity: Moderate (Unreviewed). CVE-2007-4041 was published May 1, 2022

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before...
Severity: High (Unreviewed). CVE-2006-6427 was published May 1, 2022

Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the...
Severity: High (Unreviewed). CVE-2006-0325 was published May 1, 2022

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to...
Severity: High (Unreviewed). CVE-2005-2368 was published May 1, 2022

Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via...
Severity: High (Unreviewed). CVE-2002-1898 was published Apr 30, 2022

calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via...
Severity: High (Unreviewed). CVE-2002-1660 was published Apr 30, 2022

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute...
Severity: High (Unreviewed). CVE-2002-0061 was published Apr 30, 2022

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary...
Severity: High (Unreviewed). CVE-2001-1583 was published Apr 30, 2022

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup"...
Severity: High (Unreviewed). CVE-1999-0043 was published Apr 30, 2022

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent...
Severity: High (Unreviewed). CVE-2022-29937 was published Apr 30, 2022

nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the...
Severity: Moderate (Unreviewed). CVE-2004-2732 was published Apr 29, 2022

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in...
Severity: High (Unreviewed). CVE-2003-0041 was published Apr 29, 2022

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a...
Severity: Critical (Unreviewed). CVE-2021-46422 was published Apr 28, 2022

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification,...
Severity: High (Unreviewed). CVE-2021-46441 was published Apr 28, 2022

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web...
Severity: High (Unreviewed). CVE-2021-34602 was published Apr 28, 2022

ballcat-codegen template engine remote code execution injection
Severity: High. CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) Apr 27, 2022

Disputed: OS Command injection in github.com/kardianos/service
Severity: High. CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 • withdrawn

Command injection in git-interface
Severity: Critical. CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is...
Severity: Critical (Unreviewed). CVE-2011-2195 was published Apr 22, 2022

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on...
Severity: High (Unreviewed). CVE-2011-2523 was published Apr 22, 2022

Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticated user to achieve remote...
Severity: High (Unreviewed). CVE-2022-28810 was published Apr 19, 2022

OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4...
Severity: High (Unreviewed). CVE-2022-27188 was published Apr 16, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
Severity: High (Unreviewed). CVE-2022-20718 was published Apr 16, 2022