GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,219 advisories
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities...
Critical | Unreviewed | CVE-2022-33325 was published Jul 1, 2022

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS...
Critical | Unreviewed | CVE-2022-2253 was published Jul 2, 2022

Addressed a remote code execution vulnerability by resolving a command injection vulnerability...
Critical | Unreviewed | CVE-2022-22997 was published Jul 13, 2022

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This...
Critical | Unreviewed | CVE-2022-2487 was published Jul 21, 2022

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled...
Critical | Unreviewed | CVE-2022-28373 was published Jul 15, 2022

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine...
Critical | Unreviewed | CVE-2022-36566 was published Sep 1, 2022

Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users...
Critical | Unreviewed | CVE-2015-8151 was published May 17, 2022

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the...
Critical | Unreviewed | CVE-2022-24405 was published Jul 28, 2022

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This...
Critical | Unreviewed | CVE-2022-2486 was published Jul 21, 2022

This affects all versions of package s3-kilatstorage.
Critical | Unreviewed | CVE-2020-28424 was published Aug 3, 2022

Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers...
Critical | Unreviewed | CVE-2016-1352 was published May 17, 2022

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an...
Critical | Unreviewed | CVE-2022-23100 was published Jul 28, 2022

An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of...
Critical | Unreviewed | CVE-2022-21178 was published Aug 6, 2022

ffmpeg-sdk vulnerable to OS Command Injection
Critical | CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022

xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical | CVE-2020-28447 was published for xopen (npm) Jul 26, 2022

An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL...
Critical | Unreviewed | CVE-2022-22140 was published Aug 6, 2022

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access...
Critical | Unreviewed | CVE-2016-3028 was published May 17, 2022

OS Command Injection in gogs
Critical | CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute...
Critical | Unreviewed | CVE-2016-6147 was published May 17, 2022

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual...
Critical | Unreviewed | CVE-2015-7426 was published May 17, 2022

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an...
Critical | Unreviewed | CVE-2022-44567 was published Dec 23, 2022

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-45711 was published Dec 23, 2022

If exploited, this command injection vulnerability could allow remote attackers to execute...
Critical | Unreviewed | CVE-2018-19950 was published May 24, 2022

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible...
Critical | Unreviewed | CVE-2022-30105 was published May 19, 2022

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
Critical | Unreviewed | CVE-2022-1813 was published May 23, 2022