Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

221 advisories

Loading
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users... Moderate Unreviewed
CVE-2015-4336 was published May 17, 2022
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows... Moderate Unreviewed
CVE-2015-0934 was published May 17, 2022
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated... Moderate Unreviewed
CVE-2013-7418 was published May 17, 2022
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by... Moderate Unreviewed
CVE-2014-8515 was published May 17, 2022
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0... Moderate Unreviewed
CVE-2022-40765 was published Nov 22, 2022
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read... Moderate Unreviewed
CVE-2019-12921 was published May 24, 2022
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary... Moderate Unreviewed
CVE-2020-10514 was published May 24, 2022
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a... Moderate Unreviewed
CVE-2020-6811 was published May 24, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2019-17101 was published May 24, 2022
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS... Moderate Unreviewed
CVE-2019-11853 was published May 24, 2022
Some Huawei products have a command injection vulnerability. Due to insufficient input validation... Moderate Unreviewed
CVE-2020-9127 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35791 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35793 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35790 was published May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could... Moderate Unreviewed
CVE-2021-0356 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35792 was published May 24, 2022
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads... Moderate Unreviewed
CVE-2020-27542 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to improper input validation. This... Moderate Unreviewed
CVE-2021-0364 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35794 was published May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could... Moderate Unreviewed
CVE-2021-0358 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could... Moderate Unreviewed
CVE-2021-0363 was published May 24, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the... Moderate Unreviewed
CVE-2021-28275 was published Mar 24, 2022
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses... Moderate Unreviewed
CVE-2021-38372 was published May 24, 2022
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext... Moderate Unreviewed
CVE-2021-38373 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API