Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,262
NuGet
760
pip
4,058
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,996 advisories

Loading
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900... Critical Unreviewed
CVE-2021-43118 was published Mar 30, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2022-25619 was published Mar 31, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43663 was published Apr 1, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43664 was published Apr 1, 2022
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
Credited to dellalibera
An attacker could leverage an API to pass along a malicious file that could then manipulate the... Critical Unreviewed
CVE-2021-32933 was published Apr 3, 2022
A command injection vulerability found in quick game engine allows arbitrary remote code in quick... Critical Unreviewed
CVE-2021-23247 was published Apr 3, 2022
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to... High Unreviewed
CVE-2022-20665 was published Apr 7, 2022
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3... Critical Unreviewed
CVE-2022-23900 was published Apr 8, 2022
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any... Critical Unreviewed
CVE-2021-43474 was published Apr 9, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27275 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27272 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27273 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27274 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27270 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27276 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27271 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27269 was published Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27268 was published Apr 11, 2022
An authenticated user may be able to misuse parameters to inject arbitrary operating system... High Unreviewed
CVE-2022-0999 was published Apr 12, 2022
Command injection in npm-dependency-versions Critical
CVE-2022-29080 was published for npm-dependency-versions (npm) Apr 13, 2022
p-w
Credited to p-w
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into... Critical Unreviewed
CVE-2015-20107 was published Apr 14, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create... High Unreviewed
CVE-2021-43286 was published Apr 15, 2022
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell... High Unreviewed
CVE-2009-5157 was published Apr 21, 2022
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi... Critical Unreviewed
CVE-2009-5156 was published Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database