Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

306 advisories

Loading
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special... Moderate Unreviewed
CVE-2021-21595 was published May 24, 2022
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS... Moderate Unreviewed
CVE-2020-15955 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-40994 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy... Moderate Unreviewed
CVE-2021-40995 was published May 24, 2022
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker... Moderate Unreviewed
CVE-2021-26321 was published May 24, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running... Moderate Unreviewed
CVE-2017-12094 was published May 13, 2022
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and... Moderate Unreviewed
CVE-2014-3556 was published May 13, 2022
Potential CSV Injection vector in OctoberCMS Moderate
CVE-2020-5299 was published for october/backend (Composer) Jun 3, 2020
staz0t
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
Data races in noise_search Moderate
CVE-2020-36461 was published for noise_search (Rust) Aug 25, 2021
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
An attacker could inject commands to delete files and/or delete the contents of a file on CX... Moderate Unreviewed
CVE-2018-19013 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12330 was published May 13, 2022
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System... Moderate Unreviewed
CVE-2017-12329 was published May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12335 was published May 13, 2022
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when... Moderate Unreviewed
CVE-2018-8306 was published May 13, 2022
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send... Moderate Unreviewed
CVE-2015-6613 was published May 14, 2022
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility ... Moderate Unreviewed
CVE-2015-2746 was published May 14, 2022
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully... Moderate Unreviewed
CVE-2017-1720 was published May 14, 2022
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before... Moderate Unreviewed
CVE-2014-4336 was published May 14, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local... Moderate Unreviewed
CVE-2017-12339 was published May 17, 2022
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a... Moderate Unreviewed
CVE-2015-3716 was published May 17, 2022
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into... Moderate Unreviewed
CVE-2017-1352 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database