GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,063 advisories
Filter by severity
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical
Unreviewed
CVE-2022-27269
was published
Apr 11, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical
Unreviewed
CVE-2022-27268
was published
Apr 11, 2022
A command injection vulerability found in quick game engine allows arbitrary remote code in quick...
Critical
Unreviewed
CVE-2021-23247
was published
Apr 3, 2022
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3...
Critical
Unreviewed
CVE-2022-23900
was published
Apr 8, 2022
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to...
High
Unreviewed
CVE-2021-32499
was published
Dec 18, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Moderate
Unreviewed
CVE-2022-25619
was published
Mar 31, 2022
The executable file warning was not presented when downloading .inetloc files, which, due to a...
High
Unreviewed
CVE-2021-38510
was published
Dec 9, 2021
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
High
Unreviewed
CVE-2021-43664
was published
Apr 1, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
High
Unreviewed
CVE-2021-43663
was published
Apr 1, 2022
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77]...
High
Unreviewed
CVE-2021-36180
was published
Dec 9, 2021
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900...
Critical
Unreviewed
CVE-2021-43118
was published
Mar 30, 2022
Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
High
Unreviewed
CVE-2022-22688
was published
Mar 26, 2022
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a...
Critical
Unreviewed
CVE-2021-31326
was published
Mar 25, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, ...
Critical
Unreviewed
CVE-2021-45966
was published
Mar 19, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-26187
was published
Mar 23, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-26188
was published
Mar 23, 2022
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be...
High
Unreviewed
CVE-2022-1030
was published
Mar 24, 2022
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection...
High
Unreviewed
CVE-2022-24237
was published
Mar 22, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in...
Critical
Unreviewed
CVE-2022-25428
was published
Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability...
Critical
Unreviewed
CVE-2022-25441
was published
Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the...
Critical
Unreviewed
CVE-2022-25435
was published
Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter...
Critical
Unreviewed
CVE-2022-25427
was published
Mar 19, 2022
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2022-23881
was published
Mar 24, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection....
Critical
Unreviewed
CVE-2021-45876
was published
Mar 22, 2022
ProTip!
Advisories are also available from the
GraphQL API