GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
3,002 advisories
Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3...
High | Unreviewed | CVE-2022-40785 was published Sep 27, 2022
Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-40100 was published Sep 25, 2022
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-37881 was published Sep 21, 2022
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-37883 was published Sep 21, 2022
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-37878 was published Sep 21, 2022
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-37879 was published Sep 21, 2022
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to...
High | Unreviewed | CVE-2022-36534 was published Sep 17, 2022
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi.
Critical | Unreviewed | CVE-2022-38826 was published Sep 17, 2022
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi
Critical | Unreviewed | CVE-2022-38828 was published Sep 17, 2022
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability...
High | Unreviewed | CVE-2022-38534 was published Sep 16, 2022
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability...
High | Unreviewed | CVE-2022-38535 was published Sep 16, 2022
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2022-38308 was published Sep 15, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a...
High | Unreviewed | CVE-2022-36768 was published Sep 14, 2022
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected...
Critical | Unreviewed | CVE-2022-37860 was published Sep 13, 2022
PDFKit vulnerable to Command Injection
Critical | CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in...
High | Unreviewed | CVE-2022-38531 was published Sep 9, 2022
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending...
Critical | Unreviewed | CVE-2022-33941 was published Sep 9, 2022
Apache James vulnerable to buffering attack
High | CVE-2022-28220 was published for org.apache.james:james-server (Maven) Sep 9, 2022
Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0...
High | Unreviewed | CVE-2022-30079 was published Sep 9, 2022
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware...
High | Unreviewed | CVE-2022-30078 was published Sep 8, 2022
In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly...
Critical | Unreviewed | CVE-2022-37843 was published Sep 7, 2022
The tinygltf library uses the C library function wordexp() to perform file path expansion on...
High | Unreviewed | CVE-2022-3008 was published Sep 6, 2022
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that...
Critical | Unreviewed | CVE-2022-21941 was published Sep 1, 2022
In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis...
Critical | Unreviewed | CVE-2022-37130 was published Sep 1, 2022
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to command injection via /goform/form2userconfig.cgi.
High | Unreviewed | CVE-2022-37123 was published Sep 1, 2022
ProTip! Advisories are also available from the GraphQL API.