GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
263 advisories
Filter by severity
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version...
Moderate
Unreviewed
CVE-2016-9337
was published
May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible...
Moderate
Unreviewed
CVE-2017-6184
was published
May 17, 2022
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to...
Moderate
Unreviewed
CVE-2017-2324
was published
May 17, 2022
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is...
Moderate
Unreviewed
CVE-2014-9622
was published
May 17, 2022
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability...
Moderate
Unreviewed
CVE-2016-9873
was published
May 17, 2022
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows...
Moderate
Unreviewed
CVE-2012-4086
was published
May 17, 2022
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into...
Moderate
Unreviewed
CVE-2017-1352
was published
May 17, 2022
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a...
Moderate
Unreviewed
CVE-2015-3716
was published
May 17, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2017-12339
was published
May 17, 2022
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before...
Moderate
Unreviewed
CVE-2014-4336
was published
May 14, 2022
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully...
Moderate
Unreviewed
CVE-2017-1720
was published
May 14, 2022
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility ...
Moderate
Unreviewed
CVE-2015-2746
was published
May 14, 2022
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send...
Moderate
Unreviewed
CVE-2015-6613
was published
May 14, 2022
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when...
Moderate
Unreviewed
CVE-2018-8306
was published
May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2017-12335
was published
May 13, 2022
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System...
Moderate
Unreviewed
CVE-2017-12329
was published
May 13, 2022
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2017-12330
was published
May 13, 2022
An attacker could inject commands to delete files and/or delete the contents of a file on CX...
Moderate
Unreviewed
CVE-2018-19013
was published
May 13, 2022
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and...
Moderate
Unreviewed
CVE-2014-3556
was published
May 13, 2022
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running...
Moderate
Unreviewed
CVE-2017-12094
was published
May 13, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Moderate
Unreviewed
CVE-2022-25619
was published
Mar 31, 2022
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the...
Moderate
Unreviewed
CVE-2021-28275
was published
Mar 24, 2022
Command Injection in Apache Kylin
Moderate
CVE-2021-45456
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
ProTip!
Advisories are also available from the
GraphQL API