GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
866 advisories
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1...
Critical | Unreviewed | CVE-2017-11588 was published May 13, 2022

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows...
Critical | Unreviewed | CVE-2017-11381 was published May 13, 2022

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection...
Critical | Unreviewed | CVE-2017-1000215 was published May 13, 2022

OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1...
Critical | Unreviewed | CVE-2017-3936 was published May 13, 2022

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could...
Critical | Unreviewed | CVE-2017-6714 was published May 13, 2022

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the...
Critical | Unreviewed | CVE-2018-19007 was published May 13, 2022

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default...
Critical | Unreviewed | CVE-2018-5553 was published May 13, 2022

Within multiple XEROX products a vulnerability allows remote command execution on the Linux...
Critical | Unreviewed | CVE-2019-10880 was published May 13, 2022

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5...
Critical | Unreviewed | CVE-2018-14701 was published May 13, 2022

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras...
Critical | Unreviewed | CVE-2017-17105 was published May 13, 2022

cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute...
Critical | Unreviewed | CVE-2017-18025 was published May 13, 2022

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively....
Critical | Unreviewed | CVE-2019-9121 was published May 13, 2022

daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via...
Critical | Unreviewed | CVE-2019-8427 was published May 13, 2022

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An...
Critical | Unreviewed | CVE-2019-4202 was published May 13, 2022

The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05...
Critical | Unreviewed | CVE-2018-20122 was published May 13, 2022

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote...
Critical | Unreviewed | CVE-2018-14357 was published May 13, 2022

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote...
Critical | Unreviewed | CVE-2018-14354 was published May 13, 2022

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to...
Critical | Unreviewed | CVE-2018-0349 was published May 13, 2022

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities,...
Critical | Unreviewed | CVE-2019-6552 was published May 13, 2022

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2018-17317 was published May 13, 2022

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900...
Critical | Unreviewed | CVE-2018-9285 was published May 13, 2022

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified...
Critical | Unreviewed | CVE-2015-6435 was published May 13, 2022

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS...
Critical | Unreviewed | CVE-2018-20114 was published May 13, 2022

GNU Bash through 4.3 processes trailing strings after function definitions in the values of...
Critical | Unreviewed | CVE-2014-6271 was published May 13, 2022

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in...
Critical | Unreviewed | CVE-2017-5173 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.