GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,093 advisories
There is command injection when ddns processes the hostname, which causes the administrator user...
High
Unreviewed
CVE-2020-14102 was published May 24, 2022
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software...
High
Unreviewed
CVE-2020-24632 was published May 24, 2022
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software...
High
Unreviewed
CVE-2020-24631 was published May 24, 2022
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the...
High
Unreviewed
CVE-2020-35606 was published May 24, 2022
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious...
High
Unreviewed
CVE-2020-7384 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2020-35798 was published May 24, 2022
This command injection vulnerability allows attackers to execute arbitrary commands in a...
High
Unreviewed
CVE-2020-25847 was published May 24, 2022
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA...
High
Unreviewed
CVE-2020-19664 was published May 24, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
High
Unreviewed
CVE-2020-8101 was published May 24, 2022
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications...
High
Unreviewed
CVE-2020-10209 was published May 24, 2022
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.
High
Unreviewed
CVE-2020-35789 was published May 24, 2022
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local...
High
Unreviewed
CVE-2021-1382 was published May 24, 2022
The NDN-210 has a web administration panel which is made available over https. There is a command...
High
Unreviewed
CVE-2020-17504 was published May 24, 2022
The NDN-210 has a web administration panel which is made available over https. There is a command...
High
Unreviewed
CVE-2020-17503 was published May 24, 2022
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited,...
High
Unreviewed
CVE-2020-2508 was published May 24, 2022
If exploited, the command injection vulnerability could allow remote attackers to execute...
High
Unreviewed
CVE-2020-2490 was published May 24, 2022
IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on...
High
Unreviewed
CVE-2020-4688 was published May 24, 2022
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped...
High
Unreviewed
CVE-2022-22744 was published Dec 22, 2022
IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who...
High
Unreviewed
CVE-2020-4983 was published May 24, 2022
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's ...
High
Unreviewed
CVE-2020-25499 was published May 24, 2022
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0...
High
Unreviewed
CVE-2021-26576 was published May 24, 2022
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user...
High
Unreviewed
CVE-2020-24899 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
High
Unreviewed
CVE-2021-29072 was published May 24, 2022
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi...
High
Unreviewed
CVE-2020-7848 was published May 24, 2022
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01...
High
Unreviewed
CVE-2020-29664 was published May 24, 2022