Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,102 advisories

Loading
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access... High Unreviewed
CVE-2022-22945 was published Feb 17, 2022
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin... Critical Unreviewed
CVE-2021-46319 was published Feb 18, 2022
Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D... Critical Unreviewed
CVE-2021-46315 was published Feb 18, 2022
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed
CVE-2021-45382 was published Feb 18, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21143 was published Feb 19, 2022
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated,... High Unreviewed
CVE-2022-20650 was published Feb 24, 2022
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could... High Unreviewed
CVE-2021-4029 was published Feb 25, 2022
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push... Critical Unreviewed
CVE-2022-25263 was published Feb 26, 2022
OS Command injection in Apache Airflow High
CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022
Command injection in github.com/google/fscrypt Moderate
CVE-2022-25328 was published for github.com/google/fscrypt (Go) Feb 26, 2022
Command injection in strapi Moderate
CVE-2022-0764 was published for strapi (npm) Feb 27, 2022
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
A improper neutralization of special elements used in an os command ('os command injection') in... High Unreviewed
CVE-2021-43075 was published Mar 2, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could... Critical Unreviewed
CVE-2021-4039 was published Mar 2, 2022
Hicos citizen certificate client-side component does not filter special characters for command... Critical Unreviewed
CVE-2020-12775 was published Mar 2, 2022
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in... High Unreviewed
CVE-2022-22301 was published Mar 3, 2022
Exposure of home directory through shescape on Unix with Bash Moderate
CVE-2022-24725 was published for shescape (npm) Mar 3, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
Credited to ljharb
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build... High Unreviewed
CVE-2021-44827 was published Mar 5, 2022
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. Critical Unreviewed
CVE-2022-0848 was published Mar 5, 2022
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
Code injection in Stripe CLI on windows High
CVE-2022-24753 was published for github.com/stripe/stripe-cli (Go) Mar 10, 2022
Command Injection in CasaOS Critical
CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) Mar 11, 2022
UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511... Critical Unreviewed
CVE-2022-25621 was published Mar 12, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27005 was published Mar 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database