Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,996 advisories

Loading
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3... Critical Unreviewed
CVE-2018-14746 was published May 13, 2022
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200... High Unreviewed
CVE-2018-15356 was published May 13, 2022
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001... Critical Unreviewed
CVE-2018-17172 was published May 13, 2022
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x... Critical Unreviewed
CVE-2018-17445 was published May 13, 2022
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before... High Unreviewed
CVE-2018-20236 was published May 13, 2022
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command... Critical Unreviewed
CVE-2018-7785 was published May 13, 2022
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when... Moderate Unreviewed
CVE-2018-8306 was published May 13, 2022
Command injection in workspace-tools Critical
CVE-2022-25865 was published for workspace-tools (npm) May 14, 2022
Apache Struts RCE Vulnerability High
CVE-2016-3081 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit... Critical Unreviewed
CVE-2019-7610 was published May 14, 2022
Centreon Command Injection High
CVE-2015-1561 was published for centreon/centreon (Composer) May 14, 2022
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not... High Unreviewed
CVE-2014-5220 was published May 14, 2022
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5)... Critical Unreviewed
CVE-2016-1555 was published May 14, 2022
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command... High Unreviewed
CVE-2019-9743 was published May 14, 2022
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0... High Unreviewed
CVE-2015-4852 was published May 14, 2022
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account,... High Unreviewed
CVE-2019-9059 was published May 14, 2022
Donfig Command Injection in collect_yaml method Critical
CVE-2019-7537 was published for donfig (pip) May 14, 2022
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2... High Unreviewed
CVE-2019-6275 was published May 14, 2022
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27... High Unreviewed
CVE-2019-6272 was published May 14, 2022
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7... Critical Unreviewed
CVE-2016-2002 was published May 14, 2022
Fileutils Command Injection vulnerability High
CVE-2013-2516 was published for fileutils (RubyGems) May 14, 2022
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send... Moderate Unreviewed
CVE-2015-6613 was published May 14, 2022
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a... High Unreviewed
CVE-2016-10729 was published May 14, 2022
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Credited to jasnow
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database