GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,139 advisories
A malformed SMI (System Management Interface) command may allow an attacker to establish a...
Severity: High (Unreviewed). CVE-2021-26384 was published Jul 15, 2022.

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in...
Severity: High (Unreviewed). CVE-2016-6534 was published May 17, 2022.

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities...
Severity: High (Unreviewed). CVE-2017-6183 was published May 17, 2022.

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now...
Severity: High (Unreviewed). CVE-2015-8988 was published May 17, 2022.

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to...
Severity: High (Unreviewed). CVE-2015-4046 was published May 17, 2022.

setroubleshoot allows local users to bypass an intended container protection mechanism and...
Severity: High (Unreviewed). CVE-2016-4989 was published May 17, 2022.

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection...
Severity: High (Unreviewed). CVE-2016-9553 was published May 17, 2022.

Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute...
Severity: High (Unreviewed). CVE-2016-4929 was published May 17, 2022.

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands...
Severity: High (Unreviewed). CVE-2016-0396 was published May 17, 2022.

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command...
Severity: High (Unreviewed). CVE-2022-34540 was published Jul 20, 2022.

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by...
Severity: High (Unreviewed). CVE-2016-4446 was published May 17, 2022.

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary...
Severity: High (Unreviewed). CVE-2016-4444 was published May 17, 2022.

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command...
Severity: High (Unreviewed). CVE-2022-34538 was published Jul 20, 2022.

A command-injection vulnerability exists in a web application on a custom-built GoAhead web...
Severity: High (Unreviewed). CVE-2017-5675 was published May 17, 2022.

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions...
Severity: High (Unreviewed). CVE-2016-6649 was published May 17, 2022.

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to...
Severity: High (Unreviewed). CVE-2015-1938 was published May 17, 2022.

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to...
Severity: High (Unreviewed). CVE-2015-1949 was published May 17, 2022.

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote...
Severity: High (Unreviewed). CVE-2015-2265 was published May 17, 2022.

D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via...
Severity: High (Unreviewed). CVE-2022-34527 was published Jul 30, 2022.

BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.
Severity: High (Unreviewed). CVE-2015-2846 was published May 17, 2022.

Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3...
Severity: High (Unreviewed). CVE-2022-40785 was published Sep 27, 2022.

The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote...
Severity: High (Unreviewed). CVE-2015-3441 was published May 17, 2022.

Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell...
Severity: High (Unreviewed). CVE-2015-5082 was published May 17, 2022.

git-archive vulnerable to Command Injection via exports function
Severity: High. CVE-2020-28422 was published for git-archive (npm) Jul 26, 2022.

Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
Severity: High (Unreviewed). CVE-2022-29558 was published Jul 29, 2022.

ProTip! Advisories are also available from the GraphQL API.