GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
193 advisories
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0...
Moderate | Unreviewed | CVE-2022-40765 was published Nov 22, 2022
Hustoj 22.09.22 has an XSS vulnerability in /admin/problem_judge.php.
Moderate | Unreviewed | CVE-2022-42187 was published Nov 17, 2022
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS...
Moderate | Unreviewed | CVE-2022-20934 was published Nov 16, 2022
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker...
Moderate | Unreviewed | CVE-2021-26321 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-40994 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-40995 was published May 24, 2022
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special...
Moderate | Unreviewed | CVE-2021-21595 was published May 24, 2022
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS...
Moderate | Unreviewed | CVE-2020-15955 was published May 24, 2022
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.
Moderate | Unreviewed | CVE-2021-38370 was published May 24, 2022
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext...
Moderate | Unreviewed | CVE-2021-38373 was published May 24, 2022
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses...
Moderate | Unreviewed | CVE-2021-38372 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34614 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34615 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34613 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34616 was published May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate | Unreviewed | CVE-2021-34612 was published May 24, 2022
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp....
Moderate | Unreviewed | CVE-2021-33515 was published May 24, 2022
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be...
Moderate | Unreviewed | CVE-2021-22864 was published May 24, 2022
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave...
Moderate | Unreviewed | CVE-2021-26970 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to improper input validation. This...
Moderate | Unreviewed | CVE-2021-0364 was published May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate | Unreviewed | CVE-2021-0358 was published May 24, 2022
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could...
Moderate | Unreviewed | CVE-2021-0363 was published May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate | Unreviewed | CVE-2021-0356 was published May 24, 2022
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads...
Moderate | Unreviewed | CVE-2020-27542 was published May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate | Unreviewed | CVE-2020-35791 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.