GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
3,002 advisories
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel...
High | Unreviewed | CVE-2022-35265 was published Oct 25, 2022

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable...
High | Unreviewed | CVE-2021-46850 was published Oct 24, 2022

Multiple command injections and stack-based buffer overflows vulnerabilities in the...
Critical | Unreviewed | CVE-2021-26727 was published Oct 24, 2022

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function...
Critical | Unreviewed | CVE-2021-26728 was published Oct 24, 2022

Command injection and multiple stack-based buffer overflows vulnerabilities in the...
Critical | Unreviewed | CVE-2021-26729 was published Oct 24, 2022

Command injection and multiple stack-based buffer overflows vulnerabilities in the...
Critical | Unreviewed | CVE-2021-26731 was published Oct 24, 2022

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x...
High | Unreviewed | CVE-2022-41617 was published Oct 20, 2022

D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via...
Critical | Unreviewed | CVE-2022-43184 was published Oct 19, 2022

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login...
Critical | Unreviewed | CVE-2016-20017 was published Oct 19, 2022

RAVA certificate validation system has insufficient filtering for special parameter of the web...
High | Unreviewed | CVE-2022-39057 was published Oct 18, 2022

Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command...
High | Unreviewed | CVE-2022-42221 was published Oct 17, 2022

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4...
High | Unreviewed | CVE-2022-2992 was published Oct 17, 2022

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via...
High | Unreviewed | CVE-2022-42161 was published Oct 14, 2022

D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the...
High | Unreviewed | CVE-2022-42156 was published Oct 14, 2022

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via...
High | Unreviewed | CVE-2022-42160 was published Oct 14, 2022

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection...
Critical | Unreviewed | CVE-2022-42897 was published Oct 13, 2022

Powerline Gitstatus vulnerable to arbitrary code execution
High | CVE-2022-42906 was published for powerline-gitstatus (pip) Oct 13, 2022

iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
High | Unreviewed | CVE-2022-40469 was published Oct 12, 2022

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10...
High | Unreviewed | CVE-2022-37893 was published Oct 8, 2022

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious...
High | Unreviewed | CVE-2022-3276 was published Oct 8, 2022

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2022-41518 was published Oct 6, 2022

AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified...
Critical | Unreviewed | CVE-2022-41870 was published Oct 1, 2022

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated,...
High | Unreviewed | CVE-2022-20851 was published Oct 1, 2022

NuProcess vulnerable to command-line injection through insertion of NUL character(s)
High | CVE-2022-39243 was published for com.zaxxer:nuprocess (Maven) Sep 30, 2022

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the...
Critical | Unreviewed | CVE-2022-40475 was published Sep 30, 2022
ProTip! Advisories are also available from the GraphQL API.