GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,267 advisories
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users...
Critical
Unreviewed
CVE-2015-8151
was published
May 17, 2022
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated...
Critical
Unreviewed
CVE-2017-6077
was published
May 17, 2022
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter...
Critical
Unreviewed
CVE-2016-10043
was published
May 17, 2022
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the...
Critical
Unreviewed
CVE-2017-8768
was published
May 17, 2022
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute...
Critical
Unreviewed
CVE-2016-7806
was published
May 17, 2022
NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell...
Critical
Unreviewed
CVE-2017-7175
was published
May 17, 2022
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM...
Critical
Unreviewed
CVE-2017-2237
was published
May 17, 2022
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary...
Critical
Unreviewed
CVE-2017-1253
was published
May 17, 2022
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to...
Critical
Unreviewed
CVE-2017-10832
was published
May 17, 2022
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices...
Critical
Unreviewed
CVE-2017-14127
was published
May 17, 2022
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for...
Critical
Unreviewed
CVE-2017-14135
was published
May 17, 2022
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and...
Critical
Unreviewed
CVE-2015-4642
was published
May 17, 2022
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2015-3431
was published
May 17, 2022
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the...
Critical
Unreviewed
CVE-2017-9736
was published
May 17, 2022
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php...
Critical
Unreviewed
CVE-2017-1000235
was published
May 17, 2022
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by...
Critical
Unreviewed
CVE-2017-16934
was published
May 17, 2022
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via...
Critical
Unreviewed
CVE-2017-10902
was published
May 17, 2022
GitPHP by xiphux is vulnerable to OS Command Injections
Critical
Unreviewed
CVE-2017-1000214
was published
May 17, 2022
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1,...
Critical
Unreviewed
CVE-2016-1253
was published
May 17, 2022
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by...
Critical
Unreviewed
CVE-2017-17055
was published
May 17, 2022
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy...
Critical
Unreviewed
CVE-2022-23664
was published
May 17, 2022
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy...
Critical
Unreviewed
CVE-2022-23662
was published
May 17, 2022
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy...
Critical
Unreviewed
CVE-2022-23665
was published
May 17, 2022
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy...
Critical
Unreviewed
CVE-2022-23666
was published
May 17, 2022