GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,750
Erlang: 35
GitHub Actions: 29
Go: 2,323
Maven: 5,000+
npm: 3,956
NuGet: 712
pip: 3,739
Pub: 12
RubyGems: 921
Rust: 973
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
1,120 advisories
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization...
Critical | Unreviewed | CVE-2020-27159 was published May 24, 2022

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10...
Critical | Unreviewed | CVE-2020-6364 was published May 24, 2022

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php,...
Critical | Unreviewed | CVE-2020-27976 was published May 24, 2022

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell...
Critical | Unreviewed | CVE-2020-16147 was published May 24, 2022

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an...
Critical | Unreviewed | CVE-2021-1138 was published May 24, 2022

wifey vulnerable to Command Injection due to improper input sanitization
Critical | CVE-2022-25890 was published for wifey (npm) Jan 9, 2023

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an...
Critical | Unreviewed | CVE-2021-1140 was published May 24, 2022

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical | CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
Critical | Unreviewed | CVE-2021-40113 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical | Unreviewed | CVE-2021-36022 was published May 24, 2022

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability....
Critical | Unreviewed | CVE-2022-38078 was published Aug 25, 2022

A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this...
Critical | Unreviewed | CVE-2021-4281 was published Dec 26, 2022

Linear eMerge E3-Series devices allow Command Injections.
Critical | Unreviewed | CVE-2019-7256 was published May 24, 2022

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as...
Critical | Unreviewed | CVE-2022-40624 was published Dec 20, 2022

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific...
Critical | Unreviewed | CVE-2022-3183 was published Dec 22, 2022

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
Critical | Unreviewed | CVE-2019-7269 was published May 24, 2022

Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell...
Critical | Unreviewed | CVE-2018-18472 was published May 24, 2022

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier...
Critical | Unreviewed | CVE-2022-33186 was published Dec 9, 2022

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100,...
Critical | Unreviewed | CVE-2022-29516 was published May 19, 2022

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware...
Critical | Unreviewed | CVE-2022-30525 was published May 13, 2022

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
Critical | Unreviewed | CVE-2022-1813 was published May 23, 2022

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible...
Critical | Unreviewed | CVE-2022-30105 was published May 19, 2022

If exploited, this command injection vulnerability could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-19950 was published May 24, 2022

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-45711 was published Dec 23, 2022

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an...
Critical | Unreviewed | CVE-2022-44567 was published Dec 23, 2022