GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,263
NuGet: 760
pip: 4,058
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
2,996 advisories
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel...
High
Unreviewed
CVE-2022-35270
was published
Oct 25, 2022
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel...
High
Unreviewed
CVE-2022-35264
was published
Oct 25, 2022
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that...
Critical
Unreviewed
CVE-2022-21941
was published
Sep 1, 2022
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
Critical
Unreviewed
CVE-2022-37125
was published
Sep 1, 2022
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware...
High
Unreviewed
CVE-2022-30078
was published
Sep 8, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
The affected product is vulnerable to two instances of command injection, which may allow an...
Critical
Unreviewed
CVE-2022-2143
was published
Jul 23, 2022
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering...
High
Unreviewed
CVE-2020-11496
was published
May 24, 2022
FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in...
High
Unreviewed
CVE-2022-38531
was published
Sep 9, 2022
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command...
Critical
Unreviewed
CVE-2022-36523
was published
Aug 16, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical
Unreviewed
CVE-2020-27240
was published
May 24, 2022
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business...
High
Unreviewed
CVE-2016-9044
was published
May 13, 2022
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173...
Critical
Unreviewed
CVE-2020-27241
was published
May 24, 2022
In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed...
Critical
Unreviewed
CVE-2021-44079
was published
May 24, 2022
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker...
Moderate
Unreviewed
CVE-2021-26321
was published
May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export...
High
Unreviewed
CVE-2021-43266
was published
May 24, 2022
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to...
Critical
Unreviewed
CVE-2020-26707
was published
May 24, 2022
In Ericsson Network Location MPS GMPC21, it is possible to inject commands via file_name in the...
Critical
Unreviewed
CVE-2021-43339
was published
May 24, 2022
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life...
Critical
Unreviewed
CVE-2021-41744
was published
May 24, 2022
A command injection vulnerability has been reported to affect QNAP device running Media Streaming...
High
Unreviewed
CVE-2021-34362
was published
May 24, 2022
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the...
Critical
Unreviewed
CVE-2022-43367
was published
Oct 27, 2022
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved...
High
Unreviewed
CVE-2021-31356
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-40995
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
High
Unreviewed
CVE-2021-40999
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.