Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

221 advisories

Loading
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS... Moderate Unreviewed
CVE-2020-15955 was published May 24, 2022
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special... Moderate Unreviewed
CVE-2021-21595 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-40994 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-40995 was published May 24, 2022
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker... Moderate Unreviewed
CVE-2021-26321 was published May 24, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running... Moderate Unreviewed
CVE-2017-12094 was published May 13, 2022
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and... Moderate Unreviewed
CVE-2014-3556 was published May 13, 2022
Potential CSV Injection vector in OctoberCMS Moderate
CVE-2020-5299 was published for october/backend (Composer) Jun 3, 2020
staz0t
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
Data races in noise_search Moderate
CVE-2020-36461 was published for noise_search (Rust) Aug 25, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
An attacker could inject commands to delete files and/or delete the contents of a file on CX... Moderate Unreviewed
CVE-2018-19013 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12330 was published May 13, 2022
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System... Moderate Unreviewed
CVE-2017-12329 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12335 was published May 13, 2022
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when... Moderate Unreviewed
CVE-2018-8306 was published May 13, 2022
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send... Moderate Unreviewed
CVE-2015-6613 was published May 14, 2022
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility ... Moderate Unreviewed
CVE-2015-2746 was published May 14, 2022
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully... Moderate Unreviewed
CVE-2017-1720 was published May 14, 2022
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before... Moderate Unreviewed
CVE-2014-4336 was published May 14, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12339 was published May 17, 2022
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a... Moderate Unreviewed
CVE-2015-3716 was published May 17, 2022
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into... Moderate Unreviewed
CVE-2017-1352 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API