GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,273
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,417
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
955 advisories
sonar-wrapper Command Injection vulnerability
Critical: CVE-2020-28443 was published for sonar-wrapper (npm) Jul 26, 2022

Mailcwp remote file upload vulnerability incomplete fix v1.100
Critical, Unreviewed: CVE-2016-1000156 was published May 17, 2022

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command...
Critical, Unreviewed: CVE-2016-10098 was published May 17, 2022

ntesseract vulnerable to Command Injection
Critical: CVE-2020-28446 was published for ntesseract (npm) Jul 26, 2022

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and...
Critical, Unreviewed: CVE-2022-46404 was published Dec 13, 2022

Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed: CVE-2022-40100 was published Sep 25, 2022

Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF...
Critical, Unreviewed: CVE-2016-4991 was published Jul 29, 2022

Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x...
Critical, Unreviewed: CVE-2016-9835 was published May 17, 2022

deferred-exec Command Injection vulnerability
Critical: CVE-2020-28438 was published for deferred-exec (npm) Jul 26, 2022

xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical: CVE-2020-28447 was published for xopen (npm) Jul 26, 2022

ffmpeg-sdk vulnerable to OS Command Injection
Critical: CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022

Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with...
Critical, Unreviewed: CVE-2016-5640 was published May 17, 2022

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300...
Critical, Unreviewed: CVE-2021-20698 was published May 24, 2022

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the...
Critical, Unreviewed: CVE-2022-40475 was published Sep 30, 2022

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300...
Critical, Unreviewed: CVE-2021-20699 was published May 24, 2022

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1)...
Critical, Unreviewed: CVE-2016-1388 was published May 17, 2022

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell...
Critical, Unreviewed: CVE-2015-0857 was published May 17, 2022

Apache Airflow Hive Provider vulnerable to Command Injection
Critical: CVE-2022-46421 was published for apache-airflow-providers-apache-hive (pip) Dec 20, 2022

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed: CVE-2022-45717 was published Dec 23, 2022

TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability...
Critical, Unreviewed: CVE-2022-38308 was published Sep 15, 2022

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.
Critical, Unreviewed: CVE-2022-38826 was published Sep 17, 2022

If exploited, this command injection vulnerability could allow remote attackers to execute...
Critical, Unreviewed: CVE-2018-19950 was published May 24, 2022

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi
Critical, Unreviewed: CVE-2022-38828 was published Sep 17, 2022

A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue...
Critical, Unreviewed: CVE-2020-36642 was published Jan 6, 2023

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided...
Critical, Unreviewed: CVE-2023-22671 was published Jan 6, 2023

ProTip! Advisories are also available from the GraphQL API