GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,071 advisories
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed: CVE-2022-44930 was published Dec 2, 2022
PyTorch vulnerable to arbitrary code execution
Critical: CVE-2022-45907 was published for torch (pip) Nov 26, 2022
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical, Unreviewed: CVE-2022-44844 was published Nov 25, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter...
Critical, Unreviewed: CVE-2022-44249 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in...
Critical, Unreviewed: CVE-2022-44251 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter...
Critical, Unreviewed: CVE-2022-44250 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter...
Critical, Unreviewed: CVE-2022-44252 was published Nov 23, 2022
Command injection in Apache DolphinScheduler Alert Plugins
Critical: CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when...
Critical, Unreviewed: CVE-2020-23584 was published Nov 23, 2022
OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the...
Critical, Unreviewed: CVE-2020-23583 was published Nov 23, 2022
DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers ...
Critical, Unreviewed: CVE-2022-36786 was published Nov 18, 2022
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via...
Critical, Unreviewed: CVE-2022-40881 was published Nov 17, 2022
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper...
Critical, Unreviewed: CVE-2022-40752 was published Nov 17, 2022
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have...
Critical, Unreviewed: CVE-2022-45063 was published Nov 10, 2022
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function...
Critical, Unreviewed: CVE-2022-43109 was published Nov 3, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical, Unreviewed: CVE-2022-37425 was published Oct 28, 2022
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the...
Critical, Unreviewed: CVE-2022-43367 was published Oct 27, 2022
An OS command injection vulnerability exists in the sysupgrade command injection functionality of...
Critical, Unreviewed: CVE-2022-32765 was published Oct 25, 2022
Multiple command injections and stack-based buffer overflows vulnerabilities in the...
Critical, Unreviewed: CVE-2021-26727 was published Oct 24, 2022
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function...
Critical, Unreviewed: CVE-2021-26728 was published Oct 24, 2022
Command injection and multiple stack-based buffer overflows vulnerabilities in the...
Critical, Unreviewed: CVE-2021-26729 was published Oct 24, 2022
Command injection and multiple stack-based buffer overflows vulnerabilities in the...
Critical, Unreviewed: CVE-2021-26731 was published Oct 24, 2022
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via...
Critical, Unreviewed: CVE-2022-43184 was published Oct 19, 2022
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login...
Critical, Unreviewed: CVE-2016-20017 was published Oct 19, 2022
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection...
Critical, Unreviewed: CVE-2022-42897 was published Oct 13, 2022