GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
791 advisories
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote...
High | Unreviewed | CVE-2021-1443 was published May 24, 2022
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
High | Unreviewed | CVE-2017-11391 was published May 17, 2022
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the ...
High | Unreviewed | CVE-2020-18885 was published May 24, 2022
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-43538 was published Jan 5, 2023
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-43537 was published Jan 5, 2023
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an...
High | Unreviewed | CVE-2019-9972 was published Jun 8, 2022
A vulnerability classified as critical has been found in SevOne Network Management System up to 5...
High | Unreviewed | CVE-2020-36529 was published Jun 8, 2022
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which...
High | Unreviewed | CVE-2021-41738 was published Jun 12, 2022
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233...
High | Unreviewed | CVE-2016-0920 was published May 17, 2022
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0...
High | Unreviewed | CVE-2017-11392 was published May 17, 2022
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping...
High | Unreviewed | CVE-2022-30023 was published Jun 17, 2022
MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code...
High | Unreviewed | CVE-2022-31849 was published Jun 17, 2022
The affected product is vulnerable to a parameter injection via passphrase, which enables the...
High | Unreviewed | CVE-2021-42538 was published May 24, 2022
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote...
High | Unreviewed | CVE-2022-43536 was published Jan 5, 2023
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search...
High | Unreviewed | CVE-2022-32154 was published Jun 16, 2022
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
High | Unreviewed | CVE-2021-40553 was published Jun 29, 2022
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary...
High | Unreviewed | CVE-2014-8990 was published May 17, 2022
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10...
High | Unreviewed | CVE-2017-4054 was published May 17, 2022
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4...
High | Unreviewed | CVE-2022-28935 was published Jul 7, 2022
A crafted configuration packet sent by an authenticated administrative user can be used to...
High | Unreviewed | CVE-2021-23862 was published Dec 9, 2021
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute...
High | Unreviewed | CVE-2016-10322 was published May 17, 2022
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to...
High | Unreviewed | CVE-2016-4445 was published May 17, 2022
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
High | Unreviewed | CVE-2016-5067 was published May 17, 2022
Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with...
High | Unreviewed | CVE-2016-8801 was published May 17, 2022
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute...
High | Unreviewed | CVE-2015-8257 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.