Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,267 advisories

Loading
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp... Critical Unreviewed
CVE-2022-26997 was published Mar 17, 2022
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp ... Critical Unreviewed
CVE-2022-26995 was published Mar 17, 2022
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp... Critical Unreviewed
CVE-2022-27001 was published Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27003 was published Mar 17, 2022
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns... Critical Unreviewed
CVE-2022-27002 was published Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27004 was published Mar 17, 2022
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps... Critical Unreviewed
CVE-2022-26998 was published Mar 17, 2022
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and... Critical Unreviewed
CVE-2022-27000 was published Mar 17, 2022
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip... Critical Unreviewed
CVE-2022-26999 was published Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27005 was published Mar 17, 2022
UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511... Critical Unreviewed
CVE-2022-25621 was published Mar 12, 2022
Command Injection in CasaOS Critical
CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) Mar 11, 2022
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. Critical Unreviewed
CVE-2022-0848 was published Mar 5, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
Credited to ljharb
Hicos citizen certificate client-side component does not filter special characters for command... Critical Unreviewed
CVE-2020-12775 was published Mar 2, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could... Critical Unreviewed
CVE-2021-4039 was published Mar 2, 2022
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push... Critical Unreviewed
CVE-2022-25263 was published Feb 26, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21143 was published Feb 19, 2022
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed
CVE-2021-45382 was published Feb 18, 2022
Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D... Critical Unreviewed
CVE-2021-46315 was published Feb 18, 2022
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin... Critical Unreviewed
CVE-2021-46319 was published Feb 18, 2022
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript... Critical Unreviewed
CVE-2021-3781 was published Feb 17, 2022
An OS command injection was found in SecuwaySSL, when special characters injection on execute... Critical Unreviewed
CVE-2021-26616 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database