GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
1,891 advisories
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when...
Critical | Unreviewed | CVE-2017-7722 was published May 17, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command...
High | Unreviewed | CVE-2022-34539 was published Jul 20, 2022

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to...
High | Unreviewed | CVE-2022-27373 was published Jul 20, 2022

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute...
High | Unreviewed | CVE-2015-8257 was published May 17, 2022

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE...
Critical | Unreviewed | CVE-2008-7313 was published May 17, 2022

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with...
High | Unreviewed | CVE-2016-8801 was published May 17, 2022

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
High | Unreviewed | CVE-2016-5067 was published May 17, 2022

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to...
High | Unreviewed | CVE-2016-4445 was published May 17, 2022

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute...
High | Unreviewed | CVE-2016-10322 was published May 17, 2022

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters:...
Critical | Unreviewed | CVE-2022-35522 was published Aug 11, 2022

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter...
Critical | Unreviewed | CVE-2022-35525 was published Aug 11, 2022

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf...
Critical | Unreviewed | CVE-2022-35520 was published Aug 11, 2022

A crafted configuration packet sent by an authenticated administrative user can be used to...
High | Unreviewed | CVE-2021-23862 was published Dec 9, 2021

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-34595 was published Jul 7, 2022

A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to...
Moderate | Unreviewed | CVE-2017-2324 was published May 17, 2022

Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4...
High | Unreviewed | CVE-2022-28935 was published Jul 7, 2022

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over...
Critical | Unreviewed | CVE-2022-32310 was published Jul 6, 2022

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-34597 was published Jul 7, 2022

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10...
High | Unreviewed | CVE-2017-4054 was published May 17, 2022

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection...
Critical | Unreviewed | CVE-2017-4918 was published May 17, 2022

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary...
High | Unreviewed | CVE-2014-8990 was published May 17, 2022

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection...
Critical | Unreviewed | CVE-2022-42897 was published Oct 13, 2022

piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
High | Unreviewed | CVE-2021-40553 was published Jun 29, 2022

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-34596 was published Jul 7, 2022

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2022-32092 was published Jun 28, 2022
ProTip! Advisories are also available from the GraphQL API.