GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,996 advisories
A remote code execution vulnerability exists in the way that the MSHTML engine improperly...
High
Unreviewed
CVE-2019-0541 was published on May 13, 2022
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the...
Critical
Unreviewed
CVE-2017-7876 was published on May 13, 2022
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute...
Critical
Unreviewed
CVE-2015-2857 was published on May 13, 2022
Command Injection in VIVO Vitro
High
CVE-2019-6986 was published for org.vivoweb:vitro-project (Maven) on May 13, 2022
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection...
High
Unreviewed
CVE-2017-2718 was published on May 13, 2022
Liferay Portal vulnerable to arbitrary command injection
Moderate
CVE-2011-1571 was published for com.liferay.portal:portal-service (Maven) on May 13, 2022
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated...
High
Unreviewed
CVE-2017-1407 was published on May 13, 2022
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended...
Critical
Unreviewed
CVE-2017-7977 was published on May 13, 2022
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command...
Critical
Unreviewed
CVE-2015-9059 was published on May 13, 2022
Apache Thrift Go Library Command Injection
High
CVE-2016-5397 was published for github.com/apache/thrift (Go) on May 13, 2022
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2...
High
Unreviewed
CVE-2017-15889 was published on May 13, 2022
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that...
High
Unreviewed
CVE-2015-8971 was published on May 13, 2022
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19,...
Critical
Unreviewed
CVE-2017-15940 was published on May 13, 2022
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to...
Critical
Unreviewed
CVE-2014-1203 was published on May 13, 2022
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to...
High
Unreviewed
CVE-2019-3920 was published on May 13, 2022
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to...
High
Unreviewed
CVE-2019-3919 was published on May 13, 2022
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on...
Critical
Unreviewed
CVE-2018-9866 was published on May 13, 2022
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and...
Critical
Unreviewed
CVE-2018-5439 was published on May 13, 2022
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco...
High
Unreviewed
CVE-2018-5428 was published on May 13, 2022
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21...
High
Unreviewed
CVE-2018-1244 was published on May 13, 2022
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and...
High
Unreviewed
CVE-2018-1212 was published on May 13, 2022
An attacker could inject commands to delete files and/or delete the contents of a file on CX...
Moderate
Unreviewed
CVE-2018-19013 was published on May 13, 2022
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using...
Critical
Unreviewed
CVE-2018-14649 was published on May 13, 2022
A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could...
High
Unreviewed
CVE-2018-0454 was published on May 13, 2022
A vulnerability in the web-based management interface of Cisco Integrated Management Controller ...
High
Unreviewed
CVE-2018-0431 was published on May 13, 2022
ProTip! Advisories are also available from the GraphQL API.