Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,086
Maven
5,000+
npm
3,747
NuGet
674
pip
3,436
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to... Moderate Unreviewed
CVE-2017-2324 was published May 17, 2022
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is... Moderate Unreviewed
CVE-2014-9622 was published May 17, 2022
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability... Moderate Unreviewed
CVE-2016-9873 was published May 17, 2022
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows... Moderate Unreviewed
CVE-2012-4086 was published May 17, 2022
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into... Moderate Unreviewed
CVE-2017-1352 was published May 17, 2022
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a... Moderate Unreviewed
CVE-2015-3716 was published May 17, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12339 was published May 17, 2022
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before... Moderate Unreviewed
CVE-2014-4336 was published May 14, 2022
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully... Moderate Unreviewed
CVE-2017-1720 was published May 14, 2022
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility ... Moderate Unreviewed
CVE-2015-2746 was published May 14, 2022
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send... Moderate Unreviewed
CVE-2015-6613 was published May 14, 2022
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when... Moderate Unreviewed
CVE-2018-8306 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12335 was published May 13, 2022
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System... Moderate Unreviewed
CVE-2017-12329 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12330 was published May 13, 2022
An attacker could inject commands to delete files and/or delete the contents of a file on CX... Moderate Unreviewed
CVE-2018-19013 was published May 13, 2022
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and... Moderate Unreviewed
CVE-2014-3556 was published May 13, 2022
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running... Moderate Unreviewed
CVE-2017-12094 was published May 13, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2022-25619 was published Mar 31, 2022
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the... Moderate Unreviewed
CVE-2021-28275 was published Mar 24, 2022
Command injection in strapi Moderate
CVE-2022-0764 was published for strapi (npm) Feb 27, 2022
Command Injection in Apache Kylin Moderate
CVE-2021-45456 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2021-45533 was published Dec 27, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database