GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
3,002 advisories
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers...
Critical | Unreviewed | CVE-2020-23151 was published May 24, 2022

In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.
Moderate | Unreviewed | CVE-2021-38370 was published May 24, 2022

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses...
Moderate | Unreviewed | CVE-2021-38372 was published May 24, 2022

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext...
Moderate | Unreviewed | CVE-2021-38373 was published May 24, 2022

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.
High | Unreviewed | CVE-2021-38169 was published May 24, 2022

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering...
Critical | Unreviewed | CVE-2021-38173 was published May 24, 2022

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible...
Critical | Unreviewed | CVE-2021-36705 was published May 24, 2022

In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible...
Critical | Unreviewed | CVE-2021-36706 was published May 24, 2022

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary,...
Critical | Unreviewed | CVE-2021-36707 was published May 24, 2022

The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code...
Critical | Unreviewed | CVE-2021-30124 was published May 24, 2022

A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch...
High | Unreviewed | CVE-2021-29143 was published May 24, 2022

A command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2...
Critical | Unreviewed | CVE-2020-21937 was published May 24, 2022

A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX...
Critical | Unreviewed | CVE-2020-21935 was published May 24, 2022

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox...
High | Unreviewed | CVE-2021-22125 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
High | Unreviewed | CVE-2021-34610 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
High | Unreviewed | CVE-2021-34611 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34614 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34616 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34615 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34613 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34612 was published May 24, 2022

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to...
Critical | Unreviewed | CVE-2021-32529 was published May 24, 2022

Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into...
High | Unreviewed | CVE-2020-23219 was published May 24, 2022

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated...
Critical | Unreviewed | CVE-2021-31838 was published May 24, 2022

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp....
Moderate | Unreviewed | CVE-2021-33515 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.