GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
955 advisories
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any...
Critical | Unreviewed | CVE-2021-43474 was published Apr 9, 2022

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical | Unreviewed | CVE-2022-27272 was published Apr 11, 2022

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical | Unreviewed | CVE-2022-27275 was published Apr 11, 2022

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection...
Critical | Unreviewed | CVE-2021-45987 was published Feb 9, 2022

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection...
Critical | Unreviewed | CVE-2021-45986 was published Feb 9, 2022

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via...
Critical | Unreviewed | CVE-2022-37070 was published Aug 26, 2022

A Remote Command Execution (RCE) vulnerability exists in HNAP1/control...
Critical | Unreviewed | CVE-2021-46314 was published Feb 18, 2022

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function...
Critical | Unreviewed | CVE-2021-26728 was published Oct 24, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2022-44844 was published Nov 25, 2022

Command injection in npm-dependency-versions
Critical | CVE-2022-29080 was published for npm-dependency-versions (npm) Apr 13, 2022

OS Command Injection in git-pull-or-clone
Critical | CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022

Command injection and multiple stack-based buffer overflows vulnerabilities in the...
Critical | Unreviewed | CVE-2021-26729 was published Oct 24, 2022

Multiple command injections and stack-based buffer overflows vulnerabilities in the...
Critical | Unreviewed | CVE-2021-26727 was published Oct 24, 2022

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login...
Critical | Unreviewed | CVE-2016-20017 was published Oct 19, 2022

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution...
Critical | Unreviewed | CVE-2021-21984 was published May 24, 2022

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when...
Critical | Unreviewed | CVE-2020-20951 was published May 24, 2022

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash...
Critical | Unreviewed | CVE-2022-28618 was published May 21, 2022

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary...
Critical | Unreviewed | CVE-2021-33204 was published May 24, 2022

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an...
Critical | Unreviewed | CVE-2021-1142 was published May 24, 2022

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another...
Critical | Unreviewed | CVE-2021-3401 was published May 24, 2022

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers...
Critical | Unreviewed | CVE-2020-23151 was published May 24, 2022

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible...
Critical | Unreviewed | CVE-2021-36705 was published May 24, 2022

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices...
Critical | Unreviewed | CVE-2020-25367 was published May 24, 2022

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function...
Critical | Unreviewed | CVE-2021-42888 was published Jun 4, 2022

The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code...
Critical | Unreviewed | CVE-2021-30124 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.