GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
221 advisories
Filter by severity
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users...
Moderate
Unreviewed
CVE-2015-4336
was published
May 17, 2022
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows...
Moderate
Unreviewed
CVE-2015-0934
was published
May 17, 2022
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated...
Moderate
Unreviewed
CVE-2013-7418
was published
May 17, 2022
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by...
Moderate
Unreviewed
CVE-2014-8515
was published
May 17, 2022
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0...
Moderate
Unreviewed
CVE-2022-40765
was published
Nov 22, 2022
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read...
Moderate
Unreviewed
CVE-2019-12921
was published
May 24, 2022
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary...
Moderate
Unreviewed
CVE-2020-10514
was published
May 24, 2022
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a...
Moderate
Unreviewed
CVE-2020-6811
was published
May 24, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Moderate
Unreviewed
CVE-2019-17101
was published
May 24, 2022
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS...
Moderate
Unreviewed
CVE-2019-11853
was published
May 24, 2022
Some Huawei products have a command injection vulnerability. Due to insufficient input validation...
Moderate
Unreviewed
CVE-2020-9127
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35791
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35793
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35790
was published
May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate
Unreviewed
CVE-2021-0356
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35792
was published
May 24, 2022
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads...
Moderate
Unreviewed
CVE-2020-27542
was published
May 24, 2022
In mobile_log_d, there is a possible command injection due to improper input validation. This...
Moderate
Unreviewed
CVE-2021-0364
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35794
was published
May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate
Unreviewed
CVE-2021-0358
was published
May 24, 2022
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could...
Moderate
Unreviewed
CVE-2021-0363
was published
May 24, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the...
Moderate
Unreviewed
CVE-2021-28275
was published
Mar 24, 2022
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses...
Moderate
Unreviewed
CVE-2021-38372
was published
May 24, 2022
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext...
Moderate
Unreviewed
CVE-2021-38373
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API