GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
882 advisories
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create...
Severity: High (Unreviewed). CVE-2021-43286 was published Apr 15, 2022.

An authenticated user may be able to misuse parameters to inject arbitrary operating system...
Severity: High (Unreviewed). CVE-2022-0999 was published Apr 12, 2022.

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to...
Severity: High (Unreviewed). CVE-2022-20665 was published Apr 7, 2022.

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
Severity: High (Unreviewed). CVE-2021-43664 was published Apr 1, 2022.

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
Severity: High (Unreviewed). CVE-2021-43663 was published Apr 1, 2022.

Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
Severity: High (Unreviewed). CVE-2022-22688 was published Mar 26, 2022.

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be...
Severity: High (Unreviewed). CVE-2022-1030 was published Mar 24, 2022.

Specially crafted string in OTRS system configuration can allow the execution of any system command.
Severity: High (Unreviewed). CVE-2021-36100 was published Mar 22, 2022.

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection...
Severity: High (Unreviewed). CVE-2022-24237 was published Mar 22, 2022.

In ims service, there is a possible AT command injection due to a missing permission check. This...
Severity: High (Unreviewed). CVE-2022-20054 was published Mar 11, 2022.

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX...
Severity: High (Unreviewed). CVE-2021-41000 was published Mar 3, 2022.

An authenticated remote code execution vulnerability was discovered in the AOS-CX Network...
Severity: High (Unreviewed). CVE-2021-41001 was published Mar 3, 2022.

The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H...
Severity: High (Unreviewed). CVE-2021-40043 was published Feb 26, 2022.

A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1...
Severity: High (Unreviewed). CVE-2021-44132 was published Feb 26, 2022.

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable...
Severity: High (Unreviewed). CVE-2022-24295 was published Feb 22, 2022.

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could...
Severity: High (Unreviewed). CVE-2022-22308 was published Feb 22, 2022.

CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
Severity: High (Unreviewed). CVE-2021-41552 was published Feb 16, 2022.

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code...
Severity: High (Unreviewed). CVE-2019-16864 was published Feb 15, 2022.

An improper neutralization of special elements used in a command ('command injection') in Fortinet...
Severity: High (Unreviewed). CVE-2021-41016 was published Feb 8, 2022.

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in...
Severity: High (Unreviewed). CVE-2021-42638 was published Feb 3, 2022.

Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain...
Severity: High (Unreviewed). CVE-2021-28962 was published Feb 1, 2022.

A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local...
Severity: High (Unreviewed). CVE-2021-31854 was published Jan 20, 2022.

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter...
Severity: High (Unreviewed). CVE-2021-33964 was published Jan 19, 2022.

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which...
Severity: High (Unreviewed). CVE-2021-33965 was published Jan 19, 2022.

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and...
Severity: High (Unreviewed). CVE-2021-45806 was published Jan 14, 2022.
ProTip! Advisories are also available from the GraphQL API.