GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,079 advisories
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1...
High | Unreviewed | CVE-2021-44132 was published Feb 26, 2022

The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H...
High | Unreviewed | CVE-2021-40043 was published Feb 26, 2022

An authenticated remote code execution vulnerability was discovered in the AOS-CX Network...
High | Unreviewed | CVE-2021-41001 was published Mar 3, 2022

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX...
High | Unreviewed | CVE-2021-41000 was published Mar 3, 2022

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High | CVE-2022-23915 was published for Weblate (pip) Mar 4, 2022

In ims service, there is a possible AT command injection due to a missing permission check. This...
High | Unreviewed | CVE-2022-20054 was published Mar 11, 2022

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection...
High | Unreviewed | CVE-2022-24237 was published Mar 22, 2022

Specially crafted string in OTRS system configuration can allow the execution of any system command.
High | Unreviewed | CVE-2021-36100 was published Mar 22, 2022

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be...
High | Unreviewed | CVE-2022-1030 was published Mar 24, 2022

Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
High | Unreviewed | CVE-2022-22688 was published Mar 26, 2022

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
High | Unreviewed | CVE-2021-43663 was published Apr 1, 2022

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
High | Unreviewed | CVE-2021-43664 was published Apr 1, 2022

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to...
High | Unreviewed | CVE-2022-20665 was published Apr 7, 2022

An authenticated user may be able to misuse parameters to inject arbitrary operating system...
High | Unreviewed | CVE-2022-0999 was published Apr 12, 2022

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create...
High | Unreviewed | CVE-2021-43286 was published Apr 15, 2022

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell...
High | Unreviewed | CVE-2009-5157 was published Apr 21, 2022

Command injection in czproject/git-php
High | CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the...
High | Unreviewed | CVE-2022-26111 was published Apr 26, 2022

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web...
High | Unreviewed | CVE-2021-34592 was published Apr 28, 2022

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An...
High | Unreviewed | CVE-2022-1509 was published Apr 29, 2022

PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows...
High | Unreviewed | CVE-2005-2793 was published May 1, 2022

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for...
High | Unreviewed | CVE-2010-0136 was published May 2, 2022