GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,996 advisories
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8...
Severity: Critical (Unreviewed). CVE-2017-13069 was published May 17, 2022

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before...
Severity: Critical (Unreviewed). CVE-2015-7841 was published May 17, 2022

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to...
Severity: High (Unreviewed). CVE-2015-6971 was published May 17, 2022

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell...
Severity: High (Unreviewed). CVE-2015-5704 was published May 17, 2022

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions...
Severity: High (Unreviewed). CVE-2017-14081 was published May 17, 2022

Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a...
Severity: Moderate (Unreviewed). CVE-2015-3716 was published May 17, 2022

AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or...
Severity: High (Unreviewed). CVE-2015-3678 was published May 17, 2022

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into...
Severity: Moderate (Unreviewed). CVE-2017-1352 was published May 17, 2022

General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8...
Severity: High (Unreviewed). CVE-2016-0861 was published May 17, 2022

run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent...
Severity: High (Unreviewed). CVE-2014-7209 was published May 17, 2022

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute...
Severity: High (Unreviewed). CVE-2013-7416 was published May 17, 2022

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists...
Severity: Critical (Unreviewed). CVE-2014-5009 was published May 17, 2022

Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2...
Severity: High (Unreviewed). CVE-2013-2810 was published May 17, 2022

A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows...
Severity: Moderate (Unreviewed). CVE-2012-4086 was published May 17, 2022

Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to...
Severity: High (Unreviewed). CVE-2017-12756 was published May 17, 2022

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5...
Severity: High (Unreviewed). CVE-2014-8903 was published May 17, 2022

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
Severity: High (Unreviewed). CVE-2017-11391 was published May 17, 2022

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
Severity: High (Unreviewed). CVE-2017-11392 was published May 17, 2022

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233...
Severity: High (Unreviewed). CVE-2016-0920 was published May 17, 2022

scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1...
Severity: Critical (Unreviewed). CVE-2016-7399 was published May 17, 2022

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability...
Severity: Moderate (Unreviewed). CVE-2016-9873 was published May 17, 2022

In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing)...
Severity: Critical (Unreviewed). CVE-2017-9980 was published May 17, 2022

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10...
Severity: High (Unreviewed). CVE-2017-4054 was published May 17, 2022

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection...
Severity: Critical (Unreviewed). CVE-2017-4918 was published May 17, 2022

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary...
Severity: High (Unreviewed). CVE-2014-8990 was published May 17, 2022