Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,079 advisories

Loading
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi... High Unreviewed
CVE-2021-20167 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb... High Unreviewed
CVE-2021-20160 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log... High Unreviewed
CVE-2021-20159 was published Dec 31, 2021
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45978 was published Jan 5, 2022
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45979 was published Jan 5, 2022
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a... High Unreviewed
CVE-2021-45441 was published Jan 11, 2022
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a... High Unreviewed
CVE-2021-38991 was published Jan 12, 2022
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that... High Unreviewed
CVE-2021-42559 was published Jan 13, 2022
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to... High Unreviewed
CVE-2022-22991 was published Jan 14, 2022
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and... High Unreviewed
CVE-2021-45806 was published Jan 14, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which... High Unreviewed
CVE-2021-33965 was published Jan 19, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter... High Unreviewed
CVE-2021-33964 was published Jan 19, 2022
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local... High Unreviewed
CVE-2021-31854 was published Jan 20, 2022
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain... High Unreviewed
CVE-2021-28962 was published Feb 1, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in... High Unreviewed
CVE-2021-42638 was published Feb 3, 2022
A improper neutralization of special elements used in a command ('command injection') in Fortinet... High Unreviewed
CVE-2021-41016 was published Feb 8, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code... High Unreviewed
CVE-2019-16864 was published Feb 15, 2022
CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. High Unreviewed
CVE-2021-41552 was published Feb 16, 2022
Command Injection in Cobbler High
CVE-2021-45082 was published for cobbler (pip) Feb 20, 2022
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could... High Unreviewed
CVE-2022-22308 was published Feb 22, 2022
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable... High Unreviewed
CVE-2022-24295 was published Feb 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database