GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,267 advisories
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of...
Critical | Unreviewed | CVE-2020-27158 was published May 24, 2022

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization...
Critical | Unreviewed | CVE-2020-27159 was published May 24, 2022

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10...
Critical | Unreviewed | CVE-2020-6364 was published May 24, 2022

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5,...
Critical | Unreviewed | CVE-2020-25223 was published May 24, 2022

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell...
Critical | Unreviewed | CVE-2020-16147 was published May 24, 2022

Magento command injection vulnerability
Critical | CVE-2020-9583 was published for magento/community-edition (Composer) May 24, 2022

Magento command injection vulnerability
Critical | CVE-2020-9582 was published for magento/community-edition (Composer) May 24, 2022

Magento command injection vulnerability
Critical | CVE-2020-9576 was published for magento/community-edition (Composer) May 24, 2022

Magento command injection vulnerability
Critical | CVE-2020-9578 was published for magento/community-edition (Composer) May 24, 2022

chrome-launcher subject to OS Command Injection
Critical | CVE-2020-7645 was published for chrome-launcher (npm) May 24, 2022

Improper Neutralization of Special Elements used in an OS Command in Blamer
Critical | CVE-2019-10807 was published for blamer (npm) May 24, 2022

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execute arbitrary system...
Critical | Unreviewed | CVE-2019-12511 was published May 24, 2022

promise-probe OS command injection vulnerability
Critical | CVE-2019-10791 was published for promise-probe (npm) May 24, 2022

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2...
Critical | Unreviewed | CVE-2019-17095 was published May 24, 2022

A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the...
Critical | Unreviewed | CVE-2019-17096 was published May 24, 2022

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS...
Critical | Unreviewed | CVE-2019-19841 was published May 24, 2022

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64...
Critical | Unreviewed | CVE-2020-5505 was published May 24, 2022

php-shellcommand command injection vulnerability
Critical | CVE-2019-10774 was published for mikehaertl/php-shellcommand (Composer) May 24, 2022

Treekill Enables OS Command Injection
Critical | CVE-2019-15598 was published for tree-kill (npm) May 24, 2022

The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and...
Critical | Unreviewed | CVE-2019-17364 was published May 24, 2022

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2...
Critical | Unreviewed | CVE-2019-16730 was published May 24, 2022

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2019-3989 was published May 24, 2022

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote...
Critical | Unreviewed | CVE-2019-18839 was published May 24, 2022

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by...
Critical | Unreviewed | CVE-2019-16662 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14931 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.