GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14 advisories
Command Injection in ascii-art
Low severity. GHSA-9hqj-38j2-5jgm was published for ascii-art (npm) on Sep 1, 2020.
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low severity. GHSA-jcgr-9698-82jx was published for @floffah/build (npm) on May 28, 2021.
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check...
Low severity, unreviewed. CVE-2015-5011 was published on May 17, 2022.
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a...
Low severity, unreviewed. CVE-2010-2008 was published on May 13, 2022.
Environment Variable Injection in GitHub Actions
Low severity. CVE-2020-15228 was published for @actions/core (npm) on Oct 1, 2020.
Command injection in @diez/generation
Low severity. CVE-2021-32830 was published for @diez/generation (npm) on Sep 2, 2021.
Withdrawn: Arbitrary code execution in lodash
Low severity, unreviewed. CVE-2021-41720 was published for lodash (npm) on Dec 3, 2021.
Imperative CLI vulnerable to Command Injection
Low severity. CVE-2021-4326 was published for @zowe/imperative (npm) on Mar 1, 2023.
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by...
Low severity, unreviewed. CVE-2024-0325 was published on Feb 2, 2024.
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the...
Low severity, unreviewed. CVE-2024-32314 was published on Apr 17, 2024.
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection...
Low severity, unreviewed. CVE-2024-34218 was published on May 14, 2024.
sshproxy vulnerable to SSH option injection
Low severity. CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) on May 14, 2024.
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server"...
Low severity, unreviewed. CVE-2024-22122 was published on Aug 12, 2024.
ProTip! Advisories are also available from the GraphQL API.