GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,534 advisories
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to...
High | Unreviewed | CVE-2019-3920 was published May 13, 2022
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to...
High | Unreviewed | CVE-2019-3919 was published May 13, 2022
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to...
Critical | Unreviewed | CVE-2014-1203 was published May 13, 2022
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19,...
Critical | Unreviewed | CVE-2017-15940 was published May 13, 2022
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that...
High | Unreviewed | CVE-2015-8971 was published May 13, 2022
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2...
High | Unreviewed | CVE-2017-15889 was published May 13, 2022
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command...
Critical | Unreviewed | CVE-2015-9059 was published May 13, 2022
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended...
Critical | Unreviewed | CVE-2017-7977 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated...
High | Unreviewed | CVE-2017-1407 was published May 13, 2022
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection...
High | Unreviewed | CVE-2017-2718 was published May 13, 2022
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute...
Critical | Unreviewed | CVE-2015-2857 was published May 13, 2022
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the...
Critical | Unreviewed | CVE-2017-7876 was published May 13, 2022
A remote code execution vulnerability exists in the way that the MSHTML engine improperly...
High | Unreviewed | CVE-2019-0541 was published May 13, 2022
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if...
High | Unreviewed | CVE-2016-7076 was published May 13, 2022
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local...
High | Unreviewed | CVE-2019-1646 was published May 13, 2022
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a...
Low | Unreviewed | CVE-2010-2008 was published May 13, 2022
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper...
Critical | Unreviewed | CVE-2018-1000802 was published May 13, 2022
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with `...
Critical | Unreviewed | CVE-2016-10182 was published May 13, 2022
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim...
Moderate | Unreviewed | CVE-2010-4345 was published May 13, 2022
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via...
High | Unreviewed | CVE-2014-7208 was published May 13, 2022
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a...
High | Unreviewed | CVE-2019-1000018 was published May 13, 2022
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
High | Unreviewed | CVE-2014-9114 was published May 13, 2022
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in...
High | Unreviewed | CVE-2016-6270 was published May 13, 2022
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and...
Moderate | Unreviewed | CVE-2014-3556 was published May 13, 2022
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all...
Critical | Unreviewed | CVE-2017-7689 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.