GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,216 advisories
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware...
Critical | Unreviewed | CVE-2022-30525 was published May 13, 2022

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100,...
Critical | Unreviewed | CVE-2022-29516 was published May 19, 2022

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier...
Critical | Unreviewed | CVE-2022-33186 was published Dec 9, 2022

Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell...
Critical | Unreviewed | CVE-2018-18472 was published May 24, 2022

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
Critical | Unreviewed | CVE-2019-7269 was published May 24, 2022

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific...
Critical | Unreviewed | CVE-2022-3183 was published Dec 22, 2022

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as...
Critical | Unreviewed | CVE-2022-40624 was published Dec 20, 2022

Linear eMerge E3-Series devices allow Command Injections.
Critical | Unreviewed | CVE-2019-7256 was published May 24, 2022

A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this...
Critical | Unreviewed | CVE-2021-4281 was published Dec 26, 2022

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability....
Critical | Unreviewed | CVE-2022-38078 was published Aug 25, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical | Unreviewed | CVE-2021-36022 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
Critical | Unreviewed | CVE-2021-40113 was published May 24, 2022

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical | CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an...
Critical | Unreviewed | CVE-2021-1140 was published May 24, 2022

wifey vulnerable to Command Injection due to improper input sanitization
Critical | CVE-2022-25890 was published for wifey (npm) Jan 9, 2023

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an...
Critical | Unreviewed | CVE-2021-1138 was published May 24, 2022

The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell...
Critical | Unreviewed | CVE-2020-16147 was published May 24, 2022

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php,...
Critical | Unreviewed | CVE-2020-27976 was published May 24, 2022

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10...
Critical | Unreviewed | CVE-2020-6364 was published May 24, 2022

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization...
Critical | Unreviewed | CVE-2020-27159 was published May 24, 2022

Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of...
Critical | Unreviewed | CVE-2020-27158 was published May 24, 2022

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782,...
Critical | Unreviewed | CVE-2020-26838 was published May 24, 2022

iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX...
Critical | Unreviewed | CVE-2020-19142 was published May 24, 2022

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between...
Critical | Unreviewed | CVE-2020-24719 was published May 24, 2022

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow...
Critical | Unreviewed | CVE-2020-3586 was published May 24, 2022