GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,002 advisories
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over...
Critical | Unreviewed | CVE-2022-32310 was published on Jul 6, 2022

piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
High | Unreviewed | CVE-2021-40553 was published on Jun 29, 2022

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security...
Critical | Unreviewed | CVE-2022-28171 was published on Jun 28, 2022

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-32092 was published on Jun 28, 2022

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of...
Critical | Unreviewed | CVE-2022-31874 was published on Jun 18, 2022

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping...
High | Unreviewed | CVE-2022-30023 was published on Jun 17, 2022

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code...
High | Unreviewed | CVE-2022-31849 was published on Jun 17, 2022

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search...
High | Unreviewed | CVE-2022-32154 was published on Jun 16, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The...
Critical | Unreviewed | CVE-2022-32262 was published on Jun 15, 2022

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution...
Critical | Unreviewed | CVE-2022-31446 was published on Jun 15, 2022

An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute...
Critical | Unreviewed | CVE-2022-31311 was published on Jun 15, 2022

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which...
High | Unreviewed | CVE-2021-41738 was published on Jun 12, 2022

OS Command Injection in git-promise
High | CVE-2022-24376 was published for git-promise (npm) on Jun 11, 2022

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418...
Critical | Unreviewed | CVE-2022-29013 was published on Jun 10, 2022

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an...
High | Unreviewed | CVE-2019-9972 was published on Jun 8, 2022

A vulnerability classified as critical has been found in SevOne Network Management System up to 5...
High | Unreviewed | CVE-2020-36529 was published on Jun 8, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function...
Critical | Unreviewed | CVE-2021-42890 was published on Jun 4, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function...
Critical | Unreviewed | CVE-2021-42888 was published on Jun 4, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function...
Critical | Unreviewed | CVE-2021-42884 was published on Jun 4, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function...
Critical | Unreviewed | CVE-2021-42885 was published on Jun 4, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function...
Critical | Unreviewed | CVE-2021-42875 was published on Jun 3, 2022

sharp vulnerable to Command Injection in post-installation over build environment
Moderate | CVE-2022-29256 was published for sharp (npm) on Jun 1, 2022