Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

494 advisories

Loading
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be... Moderate Unreviewed
CVE-2021-22864 was published May 24, 2022
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave... Moderate Unreviewed
CVE-2021-26970 was published May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could... Moderate Unreviewed
CVE-2021-0358 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could... Moderate Unreviewed
CVE-2021-0363 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to improper input validation. This... Moderate Unreviewed
CVE-2021-0364 was published May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could... Moderate Unreviewed
CVE-2021-0356 was published May 24, 2022
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads... Moderate Unreviewed
CVE-2020-27542 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35792 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35791 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35794 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35793 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35790 was published May 24, 2022
Some Huawei products have a command injection vulnerability. Due to insufficient input validation... Moderate Unreviewed
CVE-2020-9127 was published May 24, 2022
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS... Moderate Unreviewed
CVE-2019-11853 was published May 24, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2019-17101 was published May 24, 2022
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary... Moderate Unreviewed
CVE-2020-10514 was published May 24, 2022
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a... Moderate Unreviewed
CVE-2020-6811 was published May 24, 2022
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read... Moderate Unreviewed
CVE-2019-12921 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). Moderate Unreviewed
CVE-2017-18442 was published May 24, 2022
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). Moderate Unreviewed
CVE-2016-10849 was published May 24, 2022
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones... Moderate Unreviewed
CVE-2018-20523 was published May 24, 2022
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by... Moderate Unreviewed
CVE-2014-8515 was published May 17, 2022
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated... Moderate Unreviewed
CVE-2013-7418 was published May 17, 2022
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows... Moderate Unreviewed
CVE-2015-0934 was published May 17, 2022
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users... Moderate Unreviewed
CVE-2015-4336 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database