GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,071 advisories
A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury...
Critical
Unreviewed
CVE-2020-22724 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
Critical
Unreviewed
CVE-2021-42094 was published May 24, 2022
A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical
Unreviewed
CVE-2021-34352 was published May 24, 2022
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM)...
Critical
Unreviewed
CVE-2021-38124 was published May 24, 2022
A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical
Unreviewed
CVE-2021-34351 was published May 24, 2022
A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical
Unreviewed
CVE-2021-34348 was published May 24, 2022
A command injection vulnerability in the web server of some Hikvision product. Due to the...
Critical
Unreviewed
CVE-2021-36260 was published May 24, 2022
Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the...
Critical
Unreviewed
CVE-2019-6288 was published May 24, 2022
ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2021-28960 was published May 24, 2022
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command...
Critical
Unreviewed
CVE-2020-14119 was published May 24, 2022
Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the ...
Critical
Unreviewed
CVE-2020-26772 was published May 24, 2022
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a...
Critical
Unreviewed
CVE-2020-18048 was published May 24, 2022
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do...
Critical
Unreviewed
CVE-2021-27944 was published May 24, 2022
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell...
Critical
Unreviewed
CVE-2021-40084 was published May 24, 2022
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device...
Critical
Unreviewed
CVE-2021-38611 was published May 24, 2022
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router via the HTTP...
Critical
Unreviewed
CVE-2021-39510 was published May 24, 2022
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 750m11ac wireless...
Critical
Unreviewed
CVE-2021-39509 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management...
Critical
Unreviewed
CVE-2021-35395 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that...
Critical
Unreviewed
CVE-2021-35394 was published May 24, 2022
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute...
Critical
Unreviewed
CVE-2020-18758 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
Critical
Unreviewed
CVE-2021-38530 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
Critical
Unreviewed
CVE-2021-38527 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
Critical
Unreviewed
CVE-2021-38529 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
Critical
Unreviewed
CVE-2021-38528 was published May 24, 2022
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers...
Critical
Unreviewed
CVE-2020-23151 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.