GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
223 advisories
Filter by severity
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-34615
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-34613
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-34616
was published
May 24, 2022
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-34612
was published
May 24, 2022
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp....
Moderate
Unreviewed
CVE-2021-33515
was published
May 24, 2022
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be...
Moderate
Unreviewed
CVE-2021-22864
was published
May 24, 2022
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave...
Moderate
Unreviewed
CVE-2021-26970
was published
May 24, 2022
In mobile_log_d, there is a possible command injection due to improper input validation. This...
Moderate
Unreviewed
CVE-2021-0364
was published
May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate
Unreviewed
CVE-2021-0358
was published
May 24, 2022
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could...
Moderate
Unreviewed
CVE-2021-0363
was published
May 24, 2022
In netdiag, there is a possible command injection due to improper input validation. This could...
Moderate
Unreviewed
CVE-2021-0356
was published
May 24, 2022
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads...
Moderate
Unreviewed
CVE-2020-27542
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35793
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35790
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35794
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35791
was published
May 24, 2022
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects...
Moderate
Unreviewed
CVE-2020-35792
was published
May 24, 2022
Some Huawei products have a command injection vulnerability. Due to insufficient input validation...
Moderate
Unreviewed
CVE-2020-9127
was published
May 24, 2022
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS...
Moderate
Unreviewed
CVE-2019-11853
was published
May 24, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Moderate
Unreviewed
CVE-2019-17101
was published
May 24, 2022
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary...
Moderate
Unreviewed
CVE-2020-10514
was published
May 24, 2022
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a...
Moderate
Unreviewed
CVE-2020-6811
was published
May 24, 2022
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read...
Moderate
Unreviewed
CVE-2019-12921
was published
May 24, 2022
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
Moderate
Unreviewed
CVE-2017-18442
was published
May 24, 2022
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
Moderate
Unreviewed
CVE-2016-10849
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API