Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

926 advisories

A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1... High Unreviewed
CVE-2021-44132 was published Feb 26, 2022
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could... High Unreviewed
CVE-2022-22308 was published Feb 22, 2022
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable... High Unreviewed
CVE-2022-24295 was published Feb 22, 2022
Command Injection in Cobbler High
CVE-2021-45082 was published for cobbler (pip) Feb 20, 2022
CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. High Unreviewed
CVE-2021-41552 was published Feb 16, 2022
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code... High Unreviewed
CVE-2019-16864 was published Feb 15, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
A improper neutralization of special elements used in a command ('command injection') in Fortinet... High Unreviewed
CVE-2021-41016 was published Feb 8, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in... High Unreviewed
CVE-2021-42638 was published Feb 3, 2022
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain... High Unreviewed
CVE-2021-28962 was published Feb 1, 2022
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local... High Unreviewed
CVE-2021-31854 was published Jan 20, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter... High Unreviewed
CVE-2021-33964 was published Jan 19, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which... High Unreviewed
CVE-2021-33965 was published Jan 19, 2022
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and... High Unreviewed
CVE-2021-45806 was published Jan 14, 2022
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to... High Unreviewed
CVE-2022-22991 was published Jan 14, 2022
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that... High Unreviewed
CVE-2021-42559 was published Jan 13, 2022
Pipenv's requirements.txt parsing allows malicious index url in comments High
CVE-2022-21668 was published for pipenv (pip) Jan 12, 2022
milo-minderbinder
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a... High Unreviewed
CVE-2021-38991 was published Jan 12, 2022
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a... High Unreviewed
CVE-2021-45441 was published Jan 11, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45979 was published Jan 5, 2022
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary... High Unreviewed
CVE-2021-45978 was published Jan 5, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log... High Unreviewed
CVE-2021-20159 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb... High Unreviewed
CVE-2021-20160 was published Dec 31, 2021
ProTip! Advisories are also available from the GraphQL API