Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

211 advisories

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35791 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35792 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35793 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35794 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... Moderate Unreviewed
CVE-2020-35790 was published May 24, 2022
Some Huawei products have a command injection vulnerability. Due to insufficient input validation... Moderate Unreviewed
CVE-2020-9127 was published May 24, 2022
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS... Moderate Unreviewed
CVE-2019-11853 was published May 24, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2019-17101 was published May 24, 2022
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary... Moderate Unreviewed
CVE-2020-10514 was published May 24, 2022
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a... Moderate Unreviewed
CVE-2020-6811 was published May 24, 2022
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read... Moderate Unreviewed
CVE-2019-12921 was published May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). Moderate Unreviewed
CVE-2017-18442 was published May 24, 2022
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). Moderate Unreviewed
CVE-2016-10849 was published May 24, 2022
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones... Moderate Unreviewed
CVE-2018-20523 was published May 24, 2022
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by... Moderate Unreviewed
CVE-2014-8515 was published May 17, 2022
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated... Moderate Unreviewed
CVE-2013-7418 was published May 17, 2022
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows... Moderate Unreviewed
CVE-2015-0934 was published May 17, 2022
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users... Moderate Unreviewed
CVE-2015-4336 was published May 17, 2022
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to... Moderate Unreviewed
CVE-2015-5274 was published May 17, 2022
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string,... Moderate Unreviewed
CVE-2014-6260 was published May 17, 2022
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute... Moderate Unreviewed
CVE-2015-5453 was published May 17, 2022
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote... Moderate Unreviewed
CVE-2014-7285 was published May 17, 2022
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x... Moderate Unreviewed
CVE-2014-8630 was published May 17, 2022
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version... Moderate Unreviewed
CVE-2016-9337 was published May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible... Moderate Unreviewed
CVE-2017-6184 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API