GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,091 advisories
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High, Unreviewed. CVE-2022-43537 was published Jan 5, 2023

A vulnerability classified as critical has been found in SevOne Network Management System up to 5...
High, Unreviewed. CVE-2020-36529 was published Jun 8, 2022

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an...
High, Unreviewed. CVE-2019-9972 was published Jun 8, 2022

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which...
High, Unreviewed. CVE-2021-41738 was published Jun 12, 2022

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233...
High, Unreviewed. CVE-2016-0920 was published May 17, 2022

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
High, Unreviewed. CVE-2017-11392 was published May 17, 2022

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code...
High, Unreviewed. CVE-2022-31849 was published Jun 17, 2022

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping...
High, Unreviewed. CVE-2022-30023 was published Jun 17, 2022

The affected product is vulnerable to a parameter injection via passphrase, which enables the...
High, Unreviewed. CVE-2021-42538 was published May 24, 2022

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High, Unreviewed. CVE-2022-43536 was published Jan 5, 2023

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search...
High, Unreviewed. CVE-2022-32154 was published Jun 16, 2022

piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
High, Unreviewed. CVE-2021-40553 was published Jun 29, 2022

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary...
High, Unreviewed. CVE-2014-8990 was published May 17, 2022

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10...
High, Unreviewed. CVE-2017-4054 was published May 17, 2022

Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4...
High, Unreviewed. CVE-2022-28935 was published Jul 7, 2022

A crafted configuration packet sent by an authenticated administrative user can be used to...
High, Unreviewed. CVE-2021-23862 was published Dec 9, 2021

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
High, Unreviewed. CVE-2016-5067 was published May 17, 2022

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute...
High, Unreviewed. CVE-2016-10322 was published May 17, 2022

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to...
High, Unreviewed. CVE-2016-4445 was published May 17, 2022

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with...
High, Unreviewed. CVE-2016-8801 was published May 17, 2022

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute...
High, Unreviewed. CVE-2015-8257 was published May 17, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command...
High, Unreviewed. CVE-2022-34539 was published Jul 20, 2022

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to...
High, Unreviewed. CVE-2022-27373 was published Jul 20, 2022

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM...
High, Unreviewed. CVE-2022-29560 was published Jul 13, 2022

A malformed SMI (System Management Interface) command may allow an attacker to establish a...
High, Unreviewed. CVE-2021-26384 was published Jul 15, 2022

ProTip! Advisories are also available from the GraphQL API.