GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,102 advisories
A crafted configuration packet sent by an authenticated administrative user can be used to...
High | Unreviewed | CVE-2021-23862 was published Dec 9, 2021

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection...
High | Unreviewed | CVE-2022-26482 was published Jul 18, 2022

An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field...
High | Unreviewed | CVE-2022-26481 was published Jul 18, 2022

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33325 was published Jul 1, 2022

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2022-31767 was published Jun 25, 2022

Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the...
Critical | Unreviewed | CVE-2017-8768 was published May 17, 2022

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager...
High | Unreviewed | CVE-2017-6597 was published May 17, 2022

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM...
Critical | Unreviewed | CVE-2017-2237 was published May 17, 2022

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of...
High | Unreviewed | CVE-2022-33948 was published Jul 5, 2022

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary...
Critical | Unreviewed | CVE-2017-1253 was published May 17, 2022

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute...
High | Unreviewed | CVE-2021-36667 was published Jul 13, 2022

Command injection in git-it-electron
Critical | CVE-2021-44685 was published for git-it-electron (npm) Dec 8, 2021

WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified...
High | Unreviewed | CVE-2017-2275 was published May 17, 2022

Multiple command injection vulnerabilities exist in the web_server action endpoints...
Critical | Unreviewed | CVE-2022-33314 was published Jul 1, 2022

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33329 was published Jul 1, 2022

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against...
High | Unreviewed | CVE-2016-6631 was published May 17, 2022

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated...
Moderate | Unreviewed | CVE-2017-6606 was published May 17, 2022

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33328 was published Jul 1, 2022

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33326 was published Jul 1, 2022

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33327 was published Jul 1, 2022

Multiple command injection vulnerabilities exist in the web_server action endpoints...
Critical | Unreviewed | CVE-2022-33312 was published Jul 1, 2022

Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of...
Critical | Unreviewed | CVE-2022-31885 was published Jun 29, 2022

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as...
High | Unreviewed | CVE-2022-25048 was published Jul 8, 2022

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could...
Moderate | Unreviewed | CVE-2016-6459 was published May 17, 2022

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated...
High | Unreviewed | CVE-2016-6373 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.