GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,972; Erlang 29; GitHub Actions 16; Go 1,762; Maven 4,983; npm 3,518; NuGet 609; pip 3,094; Pub 10; RubyGems 833; Rust 782; Swift 34
Unreviewed advisories: All unreviewed 5,000+
1,746 advisories
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that...
High | Unreviewed | CVE-2021-42559 was published Jan 13, 2022
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to...
High | Unreviewed | CVE-2022-22991 was published Jan 14, 2022
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController:...
Critical | Unreviewed | CVE-2021-45807 was published Jan 14, 2022
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and...
High | Unreviewed | CVE-2021-45806 was published Jan 14, 2022
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone...
Critical | Unreviewed | CVE-2021-33963 was published Jan 16, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which...
High | Unreviewed | CVE-2021-33965 was published Jan 19, 2022
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter...
High | Unreviewed | CVE-2021-33964 was published Jan 19, 2022
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local...
High | Unreviewed | CVE-2021-31854 was published Jan 20, 2022
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.
Critical | Unreviewed | CVE-2021-44735 was published Jan 21, 2022
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.
Critical | Unreviewed | CVE-2022-23935 was published Jan 26, 2022
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to...
Critical | Unreviewed | CVE-2021-46560 was published Jan 27, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My...
Critical | Unreviewed | CVE-2022-22992 was published Jan 29, 2022
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain...
High | Unreviewed | CVE-2021-28962 was published Feb 1, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in...
High | Unreviewed | CVE-2021-42638 was published Feb 3, 2022
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2021-45742 was published Feb 5, 2022
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2021-45738 was published Feb 5, 2022
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2021-45733 was published Feb 5, 2022
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2022-24148 was published Feb 8, 2022
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2022-24150 was published Feb 8, 2022
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2022-24144 was published Feb 8, 2022
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu...
Critical | Unreviewed | CVE-2021-44247 was published Feb 8, 2022
An improper neutralization of special elements used in a command ('command injection') in Fortinet...
High | Unreviewed | CVE-2021-41016 was published Feb 8, 2022
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2021-46457 was published Feb 9, 2022
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection...
Critical | Unreviewed | CVE-2022-24170 was published Feb 9, 2022
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2021-46452 was published Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API.