Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,269
Erlang
31
GitHub Actions
21
Go
2,043
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,093 advisories

Loading
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows... High Unreviewed
CVE-2020-10826 was published May 24, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... High Unreviewed
CVE-2021-34726 was published May 24, 2022
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS... High Unreviewed
CVE-2021-31357 was published May 24, 2022
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved... High Unreviewed
CVE-2021-31358 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could... High Unreviewed
CVE-2021-34748 was published May 24, 2022
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow... High Unreviewed
CVE-2021-34756 was published May 24, 2022
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local... High Unreviewed
CVE-2021-34725 was published May 24, 2022
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow... High Unreviewed
CVE-2021-34729 was published May 24, 2022
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability... High Unreviewed
CVE-2022-38534 was published Sep 16, 2022
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An... High Unreviewed
CVE-2022-45094 was published Jan 10, 2023
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability... High Unreviewed
CVE-2022-38535 was published Sep 16, 2022
DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 is affected by a remote... High Unreviewed
CVE-2020-14472 was published May 24, 2022
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite... High Unreviewed
CVE-2020-11117 was published May 24, 2022
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,... High Unreviewed
CVE-2020-5792 was published May 24, 2022
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand... High Unreviewed
CVE-2020-27187 was published May 24, 2022
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her... High Unreviewed
CVE-2020-25557 was published May 24, 2022
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php... High Unreviewed
CVE-2020-25538 was published May 24, 2022
If exploited, the command injection vulnerability could allow remote attackers to execute... High Unreviewed
CVE-2020-2492 was published May 24, 2022
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector... High Unreviewed
CVE-2020-4006 was published May 24, 2022
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software... High Unreviewed
CVE-2020-7129 was published May 24, 2022
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary... High Unreviewed
CVE-2020-26582 was published May 24, 2022
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An... High Unreviewed
CVE-2020-9116 was published May 24, 2022
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the... High Unreviewed
CVE-2018-19418 was published May 24, 2022
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.... High Unreviewed
CVE-2022-37912 was published Dec 12, 2022
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web... High Unreviewed
CVE-2020-17502 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database