Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,071 advisories

Loading
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-41518 was published Oct 6, 2022
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified... Critical Unreviewed
CVE-2022-41870 was published Oct 1, 2022
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the... Critical Unreviewed
CVE-2022-40475 was published Sep 30, 2022
Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-40100 was published Sep 25, 2022
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. Critical Unreviewed
CVE-2022-38826 was published Sep 17, 2022
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi Critical Unreviewed
CVE-2022-38828 was published Sep 17, 2022
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2022-38308 was published Sep 15, 2022
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected... Critical Unreviewed
CVE-2022-37860 was published Sep 13, 2022
PDFKit vulnerable to Command Injection Critical
CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
wonda-tea-coffee kiafaldorius
Credited to wonda-tea-coffee and kiafaldorius
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending... Critical Unreviewed
CVE-2022-33941 was published Sep 9, 2022
In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly... Critical Unreviewed
CVE-2022-37843 was published Sep 7, 2022
All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that... Critical Unreviewed
CVE-2022-21941 was published Sep 1, 2022
In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis... Critical Unreviewed
CVE-2022-37130 was published Sep 1, 2022
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Critical Unreviewed
CVE-2022-37125 was published Sep 1, 2022
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-37149 was published Aug 31, 2022
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-36749 was published Aug 31, 2022
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection... Critical Unreviewed
CVE-2022-36559 was published Aug 30, 2022
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection... Critical Unreviewed
CVE-2022-36556 was published Aug 30, 2022
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection... Critical Unreviewed
CVE-2022-36553 was published Aug 30, 2022
A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec... Critical Unreviewed
CVE-2022-36554 was published Aug 30, 2022
Font-Converter Vulnerable to Arbitrary Command Injection Critical
CVE-2022-21165 was published for font-converter (npm) Aug 29, 2022
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command... Critical Unreviewed
CVE-2022-37056 was published Aug 29, 2022
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to... Critical Unreviewed
CVE-2022-37057 was published Aug 29, 2022
DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. Critical Unreviewed
CVE-2022-36756 was published Aug 29, 2022
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. Critical Unreviewed
CVE-2022-37053 was published Aug 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database