GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,990 advisories
By executing a special command, a user with administrative rights can get access to extended...
Moderate
Unreviewed
CVE-2021-23861
was published
Dec 9, 2021
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of...
Critical
Unreviewed
CVE-2022-31874
was published
Jun 18, 2022
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing)...
Critical
Unreviewed
CVE-2017-9980
was published
May 17, 2022
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution...
Critical
Unreviewed
CVE-2022-31446
was published
Jun 15, 2022
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1...
Critical
Unreviewed
CVE-2016-7399
was published
May 17, 2022
A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by...
Critical
Unreviewed
CVE-2021-4304
was published
Jan 5, 2023
The affected product is vulnerable to a parameter injection via passphrase, which enables the...
High
Unreviewed
CVE-2021-42538
was published
May 24, 2022
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.
Moderate
Unreviewed
CVE-2021-38370
was published
May 24, 2022
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping...
High
Unreviewed
CVE-2022-30023
was published
Jun 17, 2022
MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code...
High
Unreviewed
CVE-2022-31849
was published
Jun 17, 2022
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
High
Unreviewed
CVE-2017-11392
was published
May 17, 2022
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233...
High
Unreviewed
CVE-2016-0920
was published
May 17, 2022
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute...
Critical
Unreviewed
CVE-2022-31311
was published
Jun 15, 2022
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which...
High
Unreviewed
CVE-2021-41738
was published
Jun 12, 2022
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an...
High
Unreviewed
CVE-2019-9972
was published
Jun 8, 2022
A vulnerability classified as critical has been found in SevOne Network Management System up to 5...
High
Unreviewed
CVE-2020-36529
was published
Jun 8, 2022
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the ...
High
Unreviewed
CVE-2020-18885
was published
May 24, 2022
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
High
Unreviewed
CVE-2017-11391
was published
May 17, 2022
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote...
High
Unreviewed
CVE-2021-1443
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W,...
High
Unreviewed
CVE-2021-1150
was published
May 24, 2022
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5...
High
Unreviewed
CVE-2014-8903
was published
May 17, 2022
Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential...
High
Unreviewed
CVE-2020-12946
was published
May 24, 2022
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a...
Critical
Unreviewed
CVE-2020-18048
was published
May 24, 2022
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell...
Critical
Unreviewed
CVE-2021-40084
was published
May 24, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function...
Critical
Unreviewed
CVE-2021-42875
was published
Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API.