GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
196 advisories
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary...
Moderate | Unreviewed | CVE-2020-10514 was published May 24, 2022

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a...
Moderate | Unreviewed | CVE-2020-6811 was published May 24, 2022

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Moderate | Unreviewed | CVE-2019-17101 was published May 24, 2022

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS...
Moderate | Unreviewed | CVE-2019-11853 was published May 24, 2022

Some Huawei products have a command injection vulnerability. Due to insufficient input validation...
Moderate | Unreviewed | CVE-2020-9127 was published May 24, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-35791 was published May 24, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-35790 was published May 24, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-35793 was published May 24, 2022

In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate | Unreviewed | CVE-2021-0356 was published May 24, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-35792 was published May 24, 2022

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads...
Moderate | Unreviewed | CVE-2020-27542 was published May 24, 2022

In mobile_log_d, there is a possible command injection due to improper input validation. This...
Moderate | Unreviewed | CVE-2021-0364 was published May 24, 2022

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-35794 was published May 24, 2022

In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate | Unreviewed | CVE-2021-0358 was published May 24, 2022

In mobile_log_d, there is a possible command injection due to a missing bounds check. This could...
Moderate | Unreviewed | CVE-2021-0363 was published May 24, 2022

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the...
Moderate | Unreviewed | CVE-2021-28275 was published Mar 24, 2022

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses...
Moderate | Unreviewed | CVE-2021-38372 was published May 24, 2022

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext...
Moderate | Unreviewed | CVE-2021-38373 was published May 24, 2022

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS...
Moderate | Unreviewed | CVE-2020-15955 was published May 24, 2022

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special...
Moderate | Unreviewed | CVE-2021-21595 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-40994 was published May 24, 2022

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-40995 was published May 24, 2022

Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker...
Moderate | Unreviewed | CVE-2021-26321 was published May 24, 2022

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running...
Moderate | Unreviewed | CVE-2017-12094 was published May 13, 2022

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and...
Moderate | Unreviewed | CVE-2014-3556 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.