Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

868 advisories

Loading
In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible... Critical Unreviewed
CVE-2021-36705 was published May 24, 2022
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices... Critical Unreviewed
CVE-2020-25367 was published May 24, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function... Critical Unreviewed
CVE-2021-42888 was published Jun 4, 2022
The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code... Critical Unreviewed
CVE-2021-30124 was published May 24, 2022
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices... Critical Unreviewed
CVE-2020-25368 was published May 24, 2022
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2022-29337 was published May 25, 2022
A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury... Critical Unreviewed
CVE-2020-22724 was published May 24, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function... Critical Unreviewed
CVE-2021-42885 was published Jun 4, 2022
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418... Critical Unreviewed
CVE-2022-29013 was published Jun 10, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function... Critical Unreviewed
CVE-2021-42890 was published Jun 4, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function... Critical Unreviewed
CVE-2021-42884 was published Jun 4, 2022
An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2... Critical Unreviewed
CVE-2020-21937 was published May 24, 2022
In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible... Critical Unreviewed
CVE-2021-36706 was published May 24, 2022
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do... Critical Unreviewed
CVE-2021-27944 was published May 24, 2022
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially... Critical Unreviewed
CVE-2020-27227 was published May 24, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function... Critical Unreviewed
CVE-2021-42875 was published Jun 3, 2022
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell... Critical Unreviewed
CVE-2021-40084 was published May 24, 2022
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a... Critical Unreviewed
CVE-2020-18048 was published May 24, 2022
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute... Critical Unreviewed
CVE-2022-31311 was published Jun 15, 2022
A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by... Critical Unreviewed
CVE-2021-4304 was published Jan 5, 2023
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1... Critical Unreviewed
CVE-2016-7399 was published May 17, 2022
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution... Critical Unreviewed
CVE-2022-31446 was published Jun 15, 2022
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing)... Critical Unreviewed
CVE-2017-9980 was published May 17, 2022
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of... Critical Unreviewed
CVE-2022-31874 was published Jun 18, 2022
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-32092 was published Jun 28, 2022
ProTip! Advisories are also available from the GraphQL API