Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

795 advisories

Loading
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack... Critical Unreviewed
CVE-2021-39363 was published Feb 25, 2022
A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers... Critical Unreviewed
CVE-2022-25130 was published Feb 20, 2022
A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK... Critical Unreviewed
CVE-2022-25131 was published Feb 20, 2022
A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6... Critical Unreviewed
CVE-2022-25132 was published Feb 20, 2022
A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6... Critical Unreviewed
CVE-2022-25134 was published Feb 20, 2022
A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router... Critical Unreviewed
CVE-2022-25133 was published Feb 20, 2022
A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology... Critical Unreviewed
CVE-2022-25135 was published Feb 20, 2022
A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers... Critical Unreviewed
CVE-2022-25136 was published Feb 20, 2022
A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology... Critical Unreviewed
CVE-2022-25137 was published Feb 20, 2022
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router... Critical Unreviewed
CVE-2021-45401 was published Feb 19, 2022
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed
CVE-2021-45382 was published Feb 18, 2022
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control... Critical Unreviewed
CVE-2021-46314 was published Feb 18, 2022
Command Injection in theme-core Critical Unreviewed
CVE-2020-28432 was published Feb 15, 2022
StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk... Critical Unreviewed
CVE-2022-24552 was published Feb 12, 2022
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection... Critical Unreviewed
CVE-2021-45987 was published Feb 9, 2022
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection... Critical Unreviewed
CVE-2021-45986 was published Feb 9, 2022
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection... Critical Unreviewed
CVE-2021-45990 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46227 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46226 was published Feb 9, 2022
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-45998 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46228 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46232 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46230 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46231 was published Feb 9, 2022
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection... Critical Unreviewed
CVE-2021-46229 was published Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database