Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule Critical Unreviewed
CVE-2021-43736 was published Mar 24, 2022
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default... Critical Unreviewed
CVE-2020-28026 was published May 24, 2022
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung... Critical Unreviewed
CVE-2018-3856 was published May 13, 2022
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php Critical Unreviewed
CVE-2022-47926 was published Dec 22, 2022
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via... Critical Unreviewed
CVE-2020-25494 was published May 24, 2022
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote... Critical Unreviewed
CVE-2020-21224 was published May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was... Critical Unreviewed
CVE-2021-31909 was published May 24, 2022
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote... Critical Unreviewed
CVE-2021-24030 was published May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an... Critical Unreviewed
CVE-2021-31698 was published May 24, 2022
Gitea vulnerable to Argument Injection Critical
CVE-2022-42968 was published for github.com/go-gitea/gitea (Go) Oct 16, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... Critical Unreviewed
CVE-2020-5648 was published May 24, 2022
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used... Critical Unreviewed
CVE-2022-1399 was published Aug 18, 2022
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by... Critical Unreviewed
CVE-2019-3463 was published May 13, 2022
Command injection in nodemailer Critical
CVE-2020-7769 was published for nodemailer (npm) May 10, 2021
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program... Critical Unreviewed
CVE-2018-10992 was published May 13, 2022
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x... Critical Unreviewed
CVE-2018-17456 was published May 13, 2022
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial... Critical Unreviewed
CVE-2018-13385 was published May 13, 2022
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to... Critical Unreviewed
CVE-2017-14591 was published May 17, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Critical Unreviewed
CVE-2020-28367 was published May 24, 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection... Critical Unreviewed
CVE-2022-45062 was published Nov 9, 2022
Command injection in ruby-git Critical
CVE-2022-25648 was published for git (RubyGems) Apr 20, 2022
Apache Hadoop argument injection vulnerability Critical
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
Arbitrary code execution in H2 Console Critical
CVE-2022-23221 was published for com.h2database:h2 (Maven) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API