Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,071 advisories

Loading
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command... Critical Unreviewed
CVE-2020-29311 was published May 24, 2022
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets... Critical Unreviewed
CVE-2020-24634 was published May 24, 2022
This command injection vulnerability allows attackers to execute arbitrary commands in a... Critical Unreviewed
CVE-2019-7198 was published May 24, 2022
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1... Critical Unreviewed
CVE-2020-29381 was published May 24, 2022
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands... Critical Unreviewed
CVE-2019-19875 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29056 was published May 24, 2022
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system... Critical Unreviewed
CVE-2020-15929 was published May 24, 2022
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute... Critical Unreviewed
CVE-2020-28347 was published May 24, 2022
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave... Critical Unreviewed
CVE-2020-7128 was published May 24, 2022
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or... Critical Unreviewed
CVE-2020-23639 was published May 24, 2022
If exploited, this command injection vulnerability could allow remote attackers to execute... Critical Unreviewed
CVE-2018-19950 was published May 24, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... Critical Unreviewed
CVE-2020-7373 was published May 24, 2022
Winston 1.5.4 devices are vulnerable to command injection via the API. Critical Unreviewed
CVE-2020-16257 was published May 24, 2022
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary... Critical Unreviewed
CVE-2018-19949 was published May 24, 2022
An arbitrary command execution vulnerability exists in the fopen() function of file writes of... Critical Unreviewed
CVE-2020-25483 was published May 24, 2022
A command injection issue existed in Web Inspector. This issue was addressed with improved... Critical Unreviewed
CVE-2020-9862 was published May 24, 2022
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3... Critical Unreviewed
CVE-2020-13347 was published May 24, 2022
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter... Critical Unreviewed
CVE-2020-11698 was published May 24, 2022
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
This command injection vulnerability in Music Station allows attackers to execute commands on the... Critical Unreviewed
CVE-2018-0729 was published May 24, 2022
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for... Critical Unreviewed
CVE-2019-1584 was published May 24, 2022
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for... Critical Unreviewed
CVE-2019-12736 was published May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection... Critical Unreviewed
CVE-2019-7968 was published May 24, 2022
Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017... Critical Unreviewed
CVE-2019-8060 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database