Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,267 advisories

Loading
Multiple command injection vulnerabilities exist in the web_server action endpoints... Critical Unreviewed
CVE-2022-33314 was published Jul 1, 2022
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities... Critical Unreviewed
CVE-2022-33329 was published Jul 1, 2022
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities... Critical Unreviewed
CVE-2022-33326 was published Jul 1, 2022
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities... Critical Unreviewed
CVE-2022-33325 was published Jul 1, 2022
Multiple command injection vulnerabilities exist in the web_server action endpoints... Critical Unreviewed
CVE-2022-33313 was published Jul 1, 2022
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities... Critical Unreviewed
CVE-2022-33327 was published Jul 1, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Credited to BenK0lin
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of... Critical Unreviewed
CVE-2022-31885 was published Jun 29, 2022
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security... Critical Unreviewed
CVE-2022-28171 was published Jun 28, 2022
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2022-31767 was published Jun 25, 2022
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be... Critical Unreviewed
CVE-2022-32534 was published Jun 24, 2022
The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection. Critical Unreviewed
CVE-2022-26147 was published Jun 22, 2022
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further... Critical Unreviewed
CVE-2022-2068 was published Jun 22, 2022
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8... Critical Unreviewed
CVE-2022-31794 was published Jun 21, 2022
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8... Critical Unreviewed
CVE-2022-31795 was published Jun 21, 2022
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection... Critical Unreviewed
CVE-2022-30329 was published Jun 17, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30309 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30310 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30311 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30308 was published Jun 14, 2022
A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this... Critical Unreviewed
CVE-2019-25065 was published Jun 10, 2022
OS Command Injection in cookiecutter Critical
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
Credited to 1135
An unauthenticated attacker can update the hostname with a specially crafted name that will allow... Critical Unreviewed
CVE-2022-31479 was published Jun 7, 2022
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely... Critical Unreviewed
CVE-2021-42872 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database