GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,984
Erlang: 29
GitHub Actions: 16
Go: 1,771
Maven: 4,995
npm: 3,541
NuGet: 617
pip: 3,117
Pub: 10
RubyGems: 838
Rust: 788
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
815 advisories
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by...
High | Unreviewed | CVE-2016-4446 was published May 17, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command...
High | Unreviewed | CVE-2022-34540 was published Jul 20, 2022

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands...
High | Unreviewed | CVE-2016-0396 was published May 17, 2022

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute...
High | Unreviewed | CVE-2016-4929 was published May 17, 2022

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection...
High | Unreviewed | CVE-2016-9553 was published May 17, 2022

setroubleshoot allows local users to bypass an intended container protection mechanism and...
High | Unreviewed | CVE-2016-4989 was published May 17, 2022

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to...
High | Unreviewed | CVE-2015-4046 was published May 17, 2022

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now...
High | Unreviewed | CVE-2015-8988 was published May 17, 2022

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities...
High | Unreviewed | CVE-2017-6183 was published May 17, 2022

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in...
High | Unreviewed | CVE-2016-6534 was published May 17, 2022

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a...
High | Unreviewed | CVE-2016-9554 was published May 17, 2022

A malformed SMI (System Management Interface) command may allow an attacker to establish a...
High | Unreviewed | CVE-2021-26384 was published Jul 15, 2022

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM...
High | Unreviewed | CVE-2022-29560 was published Jul 13, 2022

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to...
High | Unreviewed | CVE-2022-27373 was published Jul 20, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command...
High | Unreviewed | CVE-2022-34539 was published Jul 20, 2022

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute...
High | Unreviewed | CVE-2015-8257 was published May 17, 2022

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with...
High | Unreviewed | CVE-2016-8801 was published May 17, 2022

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute...
High | Unreviewed | CVE-2016-10322 was published May 17, 2022

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to...
High | Unreviewed | CVE-2016-4445 was published May 17, 2022

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
High | Unreviewed | CVE-2016-5067 was published May 17, 2022

A crafted configuration packet sent by an authenticated administrative user can be used to...
High | Unreviewed | CVE-2021-23862 was published Dec 9, 2021

Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4...
High | Unreviewed | CVE-2022-28935 was published Jul 7, 2022

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10...
High | Unreviewed | CVE-2017-4054 was published May 17, 2022

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary...
High | Unreviewed | CVE-2014-8990 was published May 17, 2022

piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
High | Unreviewed | CVE-2021-40553 was published Jun 29, 2022

ProTip! Advisories are also available from the GraphQL API.