GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,071 advisories
zend-mail remote code execution via Sendmail adapter
Critical. CVE-2016-10034 was published for zendframework/zend-mail (Composer) on May 14, 2022.
karo Metacharacter Handling Remote Command Execution
Critical. CVE-2014-10075 was published for karo (RubyGems) on May 14, 2022.
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7...
Critical. Unreviewed. CVE-2016-2002 was published on May 14, 2022.
Donfig Command Injection in collect_yaml method
Critical. CVE-2019-7537 was published for donfig (pip) on May 14, 2022.
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5)...
Critical. Unreviewed. CVE-2016-1555 was published on May 14, 2022.
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit...
Critical. Unreviewed. CVE-2019-7610 was published on May 14, 2022.
Command injection in workspace-tools
Critical. CVE-2022-25865 was published for workspace-tools (npm) on May 14, 2022.
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command...
Critical. Unreviewed. CVE-2018-7785 was published on May 13, 2022.
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x...
Critical. Unreviewed. CVE-2018-17445 was published on May 13, 2022.
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001...
Critical. Unreviewed. CVE-2018-17172 was published on May 13, 2022.
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3...
Critical. Unreviewed. CVE-2018-14746 was published on May 13, 2022.
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build...
Critical. Unreviewed. CVE-2018-0714 was published on May 13, 2022.
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and...
Critical. Unreviewed. CVE-2018-0718 was published on May 13, 2022.
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build...
Critical. Unreviewed. CVE-2018-0712 was published on May 13, 2022.
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows...
Critical. Unreviewed. CVE-2016-10329 was published on May 13, 2022.
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware...
Critical. Unreviewed. CVE-2016-6558 was published on May 13, 2022.
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using...
Critical. Unreviewed. CVE-2018-14649 was published on May 13, 2022.
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and...
Critical. Unreviewed. CVE-2018-5439 was published on May 13, 2022.
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on...
Critical. Unreviewed. CVE-2018-9866 was published on May 13, 2022.
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to...
Critical. Unreviewed. CVE-2014-1203 was published on May 13, 2022.
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19,...
Critical. Unreviewed. CVE-2017-15940 was published on May 13, 2022.
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command...
Critical. Unreviewed. CVE-2015-9059 was published on May 13, 2022.
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended...
Critical. Unreviewed. CVE-2017-7977 was published on May 13, 2022.
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute...
Critical. Unreviewed. CVE-2015-2857 was published on May 13, 2022.
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the...
Critical. Unreviewed. CVE-2017-7876 was published on May 13, 2022.
ProTip! Advisories are also available from the GraphQL API.