GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,267 advisories
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to...
Critical | Unreviewed | CVE-2022-31499 was published Aug 26, 2022
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability....
Critical | Unreviewed | CVE-2022-38078 was published Aug 25, 2022
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in ...
Critical | Unreviewed | CVE-2021-42232 was published Aug 24, 2022
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote...
Critical | Unreviewed | CVE-2022-37061 was published Aug 19, 2022
The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on...
Critical | Unreviewed | CVE-2022-2314 was published Aug 16, 2022
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
Critical | Unreviewed | CVE-2022-20827 was published Aug 11, 2022
An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL...
Critical | Unreviewed | CVE-2022-22140 was published Aug 6, 2022
An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of...
Critical | Unreviewed | CVE-2022-21178 was published Aug 6, 2022
Apache Hadoop argument injection vulnerability
Critical | CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) | Aug 5, 2022
This affects all versions of package s3-kilatstorage.
Critical | Unreviewed | CVE-2020-28424 was published Aug 3, 2022
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an...
Critical | Unreviewed | CVE-2022-23100 was published Jul 28, 2022
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the...
Critical | Unreviewed | CVE-2022-24405 was published Jul 28, 2022
ffmpeg-sdk vulnerable to OS Command Injection
Critical | CVE-2020-28435 was published for ffmpeg-sdk (npm) | Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical | CVE-2020-28447 was published for xopen (npm) | Jul 26, 2022
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker...
Critical | Unreviewed | CVE-2022-20857 was published Jul 22, 2022
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This...
Critical | Unreviewed | CVE-2022-2486 was published Jul 21, 2022
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This...
Critical | Unreviewed | CVE-2022-2487 was published Jul 21, 2022
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue...
Critical | Unreviewed | CVE-2022-2488 was published Jul 21, 2022
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical | CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) | Jul 18, 2022
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled...
Critical | Unreviewed | CVE-2022-28373 was published Jul 15, 2022
Spryker Commerce OS 1.4.2 allows Remote Command Execution.
Critical | Unreviewed | CVE-2022-28888 was published Jul 14, 2022
Addressed a remote code execution vulnerability by resolving a command injection vulnerability...
Critical | Unreviewed | CVE-2022-22997 was published Jul 13, 2022
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS...
Critical | Unreviewed | CVE-2022-2253 was published Jul 2, 2022
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33328 was published Jul 1, 2022
Multiple command injection vulnerabilities exist in the web_server action endpoints...
Critical | Unreviewed | CVE-2022-33312 was published Jul 1, 2022
ProTip! Advisories are also available from the GraphQL API.