Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

867 advisories

Loading
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell... Critical Unreviewed
CVE-2018-18322 was published May 13, 2022
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0... Critical Unreviewed
CVE-2018-17565 was published May 13, 2022
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell... Critical Unreviewed
CVE-2018-17787 was published May 13, 2022
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an... Critical Unreviewed
CVE-2018-17228 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17064 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17066 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17068 was published May 13, 2022
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used... Critical Unreviewed
CVE-2018-17063 was published May 13, 2022
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the... Critical Unreviewed
CVE-2018-16184 was published May 13, 2022
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4... Critical Unreviewed
CVE-2018-16144 was published May 13, 2022
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell... Critical Unreviewed
CVE-2018-14933 was published May 13, 2022
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0... Critical Unreviewed
CVE-2018-14706 was published May 13, 2022
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5... Critical Unreviewed
CVE-2018-14699 was published May 13, 2022
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9... Critical Unreviewed
CVE-2018-14558 was published May 13, 2022
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to... Critical Unreviewed
CVE-2018-13354 was published May 13, 2022
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to... Critical Unreviewed
CVE-2018-13336 was published May 13, 2022
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to... Critical Unreviewed
CVE-2018-13338 was published May 13, 2022
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to... Critical Unreviewed
CVE-2018-13311 was published May 13, 2022
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to... Critical Unreviewed
CVE-2018-13316 was published May 13, 2022
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to... Critical Unreviewed
CVE-2018-13314 was published May 13, 2022
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute... Critical Unreviewed
CVE-2018-13307 was published May 13, 2022
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to... Critical Unreviewed
CVE-2018-13306 was published May 13, 2022
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3,... Critical Unreviewed
CVE-2018-1235 was published May 13, 2022
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or... Critical Unreviewed
CVE-2018-12268 was published May 13, 2022
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system... Critical Unreviewed
CVE-2018-12313 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database