GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,000 advisories
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19,...
Critical
Unreviewed
CVE-2017-15940 was published May 13, 2022
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to...
Critical
Unreviewed
CVE-2014-1203 was published May 13, 2022
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that...
High
Unreviewed
CVE-2015-8971 was published May 13, 2022
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2...
High
Unreviewed
CVE-2017-15889 was published May 13, 2022
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended...
Critical
Unreviewed
CVE-2017-7977 was published May 13, 2022
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection...
High
Unreviewed
CVE-2017-2718 was published May 13, 2022
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command...
Critical
Unreviewed
CVE-2015-9059 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated...
High
Unreviewed
CVE-2017-1407 was published May 13, 2022
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead...
High
Unreviewed
CVE-2021-43469 was published Dec 7, 2021
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows...
Critical
Unreviewed
CVE-2021-35978 was published Dec 11, 2021
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI...
Critical
Unreviewed
CVE-2022-31702 was published Dec 14, 2022
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with...
High
Unreviewed
CVE-2021-42129 was published Dec 8, 2021
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with...
High
Unreviewed
CVE-2021-42132 was published Dec 8, 2021
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection...
Critical
Unreviewed
CVE-2021-43319 was published Dec 1, 2021
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection...
Critical
Unreviewed
CVE-2021-31324 was published May 24, 2022
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The ...
High
Unreviewed
CVE-2021-43557 was published Nov 23, 2021
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection...
High
Unreviewed
CVE-2022-36455 was published Aug 26, 2022
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Command Injection in RaspAP 2.6.6
High
CVE-2021-38556 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Withdrawn: Arbitrary code execution in lodash
Low
Unreviewed
CVE-2021-41720 was published for lodash (npm) Dec 3, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021