Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,494
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

926 advisories

Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
Arbitrary command execution on Windows via qutebrowserurl: URL handler High
CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The ... High Unreviewed
CVE-2021-43557 was published Nov 23, 2021
There is a command injection vulnerability in CMA service module of FusionCompute product when... High Unreviewed
CVE-2021-37102 was published Nov 24, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28708 was published Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28707 was published Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28704 was published Nov 25, 2021
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead... High Unreviewed
CVE-2021-43469 was published Dec 7, 2021
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with... High Unreviewed
CVE-2021-42132 was published Dec 8, 2021
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with... High Unreviewed
CVE-2021-42129 was published Dec 8, 2021
The executable file warning was not presented when downloading .inetloc files, which, due to a... High Unreviewed
CVE-2021-38510 was published Dec 9, 2021
A crafted configuration packet sent by an authenticated administrative user can be used to... High Unreviewed
CVE-2021-23862 was published Dec 9, 2021
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77]... High Unreviewed
CVE-2021-36180 was published Dec 9, 2021
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to... High Unreviewed
CVE-2021-32499 was published Dec 18, 2021
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be... High Unreviewed
CVE-2021-27449 was published Dec 22, 2021
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via... High Unreviewed
CVE-2021-3621 was published Dec 24, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45633 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45634 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45635 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45631 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45632 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45628 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45629 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45626 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... High Unreviewed
CVE-2021-45615 was published Dec 27, 2021
ProTip! Advisories are also available from the GraphQL API