Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,534 advisories

Loading
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to... High Unreviewed
CVE-2022-20665 was published Apr 7, 2022
A command injection vulerability found in quick game engine allows arbitrary remote code in quick... Critical Unreviewed
CVE-2021-23247 was published Apr 3, 2022
An attacker could leverage an API to pass along a malicious file that could then manipulate the... Critical Unreviewed
CVE-2021-32933 was published Apr 3, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43664 was published Apr 1, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43663 was published Apr 1, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2022-25619 was published Mar 31, 2022
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900... Critical Unreviewed
CVE-2021-43118 was published Mar 30, 2022
Improper neutralization of special elements used in a command ('Command Injection') vulnerability... High Unreviewed
CVE-2022-22688 was published Mar 26, 2022
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a... Critical Unreviewed
CVE-2021-31326 was published Mar 25, 2022
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be... High Unreviewed
CVE-2022-1030 was published Mar 24, 2022
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the... Moderate Unreviewed
CVE-2021-28275 was published Mar 24, 2022
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via... Critical Unreviewed
CVE-2022-23881 was published Mar 24, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26188 was published Mar 23, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26189 was published Mar 23, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26187 was published Mar 23, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26186 was published Mar 23, 2022
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2021-39383 was published Mar 22, 2022
Specially crafted string in OTRS system configuration can allow the execution of any system command. High Unreviewed
CVE-2021-36100 was published Mar 22, 2022
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection... High Unreviewed
CVE-2022-24237 was published Mar 22, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection.... Critical Unreviewed
CVE-2021-45876 was published Mar 22, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, ... Critical Unreviewed
CVE-2021-45966 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter... Critical Unreviewed
CVE-2022-25427 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in... Critical Unreviewed
CVE-2022-25428 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10... Critical Unreviewed
CVE-2022-25431 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in... Critical Unreviewed
CVE-2022-25434 was published Mar 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database