GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,267 advisories
OS Command Injection in gogs
Critical. CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022

A vulnerability in the web-based management interface of Cisco Secure Network Analytics,...
Critical (Unreviewed). CVE-2022-20797 was published May 28, 2022

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire...
Critical (Unreviewed). CVE-2020-25560 was published May 24, 2022

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
Critical (Unreviewed). CVE-2019-7269 was published May 24, 2022

Linear eMerge E3-Series devices allow Command Injections.
Critical (Unreviewed). CVE-2019-7256 was published May 24, 2022

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR...
Critical (Unreviewed). CVE-2018-6530 was published May 24, 2022

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and...
Critical (Unreviewed). CVE-2021-20850 was published May 24, 2022

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote...
Critical (Unreviewed). CVE-2021-42784 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive...
Critical (Unreviewed). CVE-2021-40113 was published May 24, 2022

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to...
Critical (Unreviewed). CVE-2020-26707 was published May 24, 2022

Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier ...
Critical (Unreviewed). CVE-2021-20837 was published May 24, 2022

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker...
Critical (Unreviewed). CVE-2021-38478 was published May 24, 2022

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker...
Critical (Unreviewed). CVE-2021-38470 was published May 24, 2022

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1...
Critical (Unreviewed). CVE-2021-27561 was published May 24, 2022

A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury...
Critical (Unreviewed). CVE-2020-22724 was published May 24, 2022

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command...
Critical (Unreviewed). CVE-2021-42071 was published May 24, 2022

A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical (Unreviewed). CVE-2021-34351 was published May 24, 2022

A command injection vulnerability has been reported to affect QNAP device running QVR. If...
Critical (Unreviewed). CVE-2021-34348 was published May 24, 2022

A command injection vulnerability in the web server of some Hikvision product. Due to the...
Critical (Unreviewed). CVE-2021-36260 was published May 24, 2022

Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection...
Critical (Unreviewed). CVE-2021-37925 was published May 24, 2022

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number...
Critical (Unreviewed). CVE-2021-37912 was published May 24, 2022

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter...
Critical (Unreviewed). CVE-2021-37913 was published May 24, 2022

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA...
Critical (Unreviewed). CVE-2021-31891 was published May 24, 2022

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13...
Critical (Unreviewed). CVE-2021-23031 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API