Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,991 advisories

Loading
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb... High Unreviewed
CVE-2021-20160 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log... High Unreviewed
CVE-2021-20159 was published Dec 31, 2021
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45978 was published Jan 5, 2022
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command... Critical Unreviewed
CVE-2021-43711 was published Jan 5, 2022
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45979 was published Jan 5, 2022
Command Injection in node-windows Critical
CVE-2021-45459 was published for node-windows (npm) Jan 5, 2022
dwisiswant0 tdunlap607
Credited to dwisiswant0 and tdunlap607
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
Command Injection in Apache Kylin Moderate
CVE-2021-45456 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a... High Unreviewed
CVE-2021-45441 was published Jan 11, 2022
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a... High Unreviewed
CVE-2021-38991 was published Jan 12, 2022
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
Credited to milo-minderbinder
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that... High Unreviewed
CVE-2021-42559 was published Jan 13, 2022
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to... High Unreviewed
CVE-2022-22991 was published Jan 14, 2022
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController:... Critical Unreviewed
CVE-2021-45807 was published Jan 14, 2022
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and... High Unreviewed
CVE-2021-45806 was published Jan 14, 2022
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone... Critical Unreviewed
CVE-2021-33963 was published Jan 16, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which... High Unreviewed
CVE-2021-33965 was published Jan 19, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter... High Unreviewed
CVE-2021-33964 was published Jan 19, 2022
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local... High Unreviewed
CVE-2021-31854 was published Jan 20, 2022
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. Critical Unreviewed
CVE-2021-44735 was published Jan 21, 2022
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check. Critical Unreviewed
CVE-2022-23935 was published Jan 26, 2022
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to... Critical Unreviewed
CVE-2021-46560 was published Jan 27, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed
CVE-2022-22992 was published Jan 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database