Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

949 advisories

Loading
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77]... High Unreviewed
CVE-2021-36180 was published Dec 9, 2021
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43663 was published Apr 1, 2022
The executable file warning was not presented when downloading .inetloc files, which, due to a... High Unreviewed
CVE-2021-38510 was published Dec 9, 2021
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43664 was published Apr 1, 2022
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to... High Unreviewed
CVE-2021-32499 was published Dec 18, 2021
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to... High Unreviewed
CVE-2022-20665 was published Apr 7, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log... High Unreviewed
CVE-2021-20159 was published Dec 31, 2021
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45978 was published Jan 5, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects... High Unreviewed
CVE-2021-45602 was published Dec 27, 2021
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45979 was published Jan 5, 2022
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update... High Unreviewed
CVE-2021-20173 was published Dec 31, 2021
A improper neutralization of special elements used in a command ('command injection') in Fortinet... High Unreviewed
CVE-2021-41016 was published Feb 8, 2022
An authenticated user may be able to misuse parameters to inject arbitrary operating system... High Unreviewed
CVE-2022-0999 was published Apr 12, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb... High Unreviewed
CVE-2021-20160 was published Dec 31, 2021
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create... High Unreviewed
CVE-2021-43286 was published Apr 15, 2022
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and... High Unreviewed
CVE-2021-45806 was published Jan 14, 2022
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain... High Unreviewed
CVE-2021-28962 was published Feb 1, 2022
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a... High Unreviewed
CVE-2021-38991 was published Jan 12, 2022
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a... High Unreviewed
CVE-2021-45441 was published Jan 11, 2022
An exploitable command injection vulnerability exists in the web management interface used by the... High Unreviewed
CVE-2017-2832 was published May 13, 2022
An exploitable command injection vulnerability exists in the web management interface used by the... High Unreviewed
CVE-2017-2833 was published May 13, 2022
Improper Neutralization of Special Elements used in a Command in Apache Cassandra High
CVE-2015-0225 was published for org.apache.cassandra:apache-cassandra (Maven) May 14, 2022
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the... High Unreviewed
CVE-2022-26111 was published Apr 26, 2022
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote... High Unreviewed
CVE-2022-36962 was published Nov 29, 2022
ProTip! Advisories are also available from the GraphQL API