GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,061 advisories
Filter by severity
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were...
Critical
Unreviewed
CVE-2022-26991
was published
Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical
Unreviewed
CVE-2022-27005
was published
Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu...
Critical
Unreviewed
CVE-2022-26211
was published
Mar 17, 2022
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were...
Critical
Unreviewed
CVE-2022-26990
was published
Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu...
Critical
Unreviewed
CVE-2022-26214
was published
Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu...
Critical
Unreviewed
CVE-2022-26207
was published
Mar 17, 2022
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were...
Critical
Unreviewed
CVE-2022-26993
was published
Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical
Unreviewed
CVE-2022-27003
was published
Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical
Unreviewed
CVE-2022-27004
was published
Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu...
Critical
Unreviewed
CVE-2022-26212
was published
Mar 17, 2022
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were...
Critical
Unreviewed
CVE-2022-26994
was published
Mar 17, 2022
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were...
Critical
Unreviewed
CVE-2022-26992
was published
Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu...
Critical
Unreviewed
CVE-2022-26210
was published
Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu...
Critical
Unreviewed
CVE-2022-26206
was published
Mar 17, 2022
Command injection in libvcs and vcspull
High
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm...
Critical
Unreviewed
CVE-2021-44620
was published
Mar 12, 2022
In ims service, there is a possible AT command injection due to a missing permission check. This...
High
Unreviewed
CVE-2022-20054
was published
Mar 11, 2022
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-48123
was published
Jan 20, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-48126
was published
Jan 20, 2023
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15...
High
Unreviewed
CVE-2022-2251
was published
Jan 17, 2023
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
Command Injection in bestzip
Critical
GHSA-4qqc-mp5f-ccv4
was published
for
bestzip
(npm)
Sep 2, 2020
ProTip!
Advisories are also available from the
GraphQL API