GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,103 advisories
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated...
High | Unreviewed | CVE-2017-12305 was published May 13, 2022

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for...
High | Unreviewed | CVE-2017-5255 was published May 13, 2022

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up...
High | Unreviewed | CVE-2017-16921 was published May 13, 2022

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by...
Critical | Unreviewed | CVE-2017-17055 was published May 17, 2022

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile,...
High | Unreviewed | CVE-2017-17405 was published May 13, 2022

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via...
Critical | Unreviewed | CVE-2017-10904 was published May 14, 2022

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly...
High | Unreviewed | CVE-2017-15049 was published May 13, 2022

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical | Unreviewed | CVE-2017-17411 was published May 14, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2022-46631 was published Dec 16, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2022-46634 was published Dec 16, 2022

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which...
Critical | Unreviewed | CVE-2025-28219 was published Mar 28, 2025

Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
High | Unreviewed | CVE-2022-45043 was published Dec 12, 2022

Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform...
High | Unreviewed | CVE-2022-45977 was published Dec 12, 2022

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
High | Unreviewed | CVE-2022-45996 was published Dec 12, 2022

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28038 was published Apr 22, 2025

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28039 was published Apr 22, 2025

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1...
High | Unreviewed | CVE-2022-43464 was published Dec 7, 2022

Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2022-45497 was published Dec 8, 2022

TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28035 was published Apr 22, 2025

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300...
Critical | Unreviewed | CVE-2020-6627 was published Dec 6, 2022

Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-45506 was published Dec 8, 2022

egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package...
Critical | Unreviewed | CVE-2022-45145 was published Dec 10, 2022

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu...
Critical | Unreviewed | CVE-2025-28034 was published Apr 22, 2025

TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28036 was published Apr 22, 2025

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a...
Critical | Unreviewed | CVE-2022-45025 was published Dec 7, 2022