Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,532 advisories

Loading
In ims service, there is a possible AT command injection due to a missing permission check. This... High Unreviewed
CVE-2022-20054 was published Mar 11, 2022
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX... High Unreviewed
CVE-2021-41000 was published Mar 3, 2022
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network... High Unreviewed
CVE-2021-41001 was published Mar 3, 2022
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H... High Unreviewed
CVE-2021-40043 was published Feb 26, 2022
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2022-25060 was published Feb 26, 2022
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2022-25064 was published Feb 26, 2022
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2022-25061 was published Feb 26, 2022
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1... High Unreviewed
CVE-2021-44132 was published Feb 26, 2022
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2022-25080 was published Feb 25, 2022
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-25083 was published Feb 25, 2022
TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in... Critical Unreviewed
CVE-2022-25081 was published Feb 25, 2022
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-25079 was published Feb 25, 2022
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-25077 was published Feb 25, 2022
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-25076 was published Feb 25, 2022
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2022-25075 was published Feb 25, 2022
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a... Critical Unreviewed
CVE-2022-25082 was published Feb 25, 2022
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-25078 was published Feb 25, 2022
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in... Critical Unreviewed
CVE-2022-25084 was published Feb 25, 2022
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices... Critical Unreviewed
CVE-2022-25809 was published Feb 25, 2022
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack... Critical Unreviewed
CVE-2021-39363 was published Feb 25, 2022
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable... High Unreviewed
CVE-2022-24295 was published Feb 22, 2022
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could... High Unreviewed
CVE-2022-22308 was published Feb 22, 2022
A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers... Critical Unreviewed
CVE-2022-25130 was published Feb 20, 2022
A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6... Critical Unreviewed
CVE-2022-25134 was published Feb 20, 2022
A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK... Critical Unreviewed
CVE-2022-25131 was published Feb 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database