Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,061 advisories

Loading
The executable file warning was not presented when downloading .inetloc files, which, due to a... High Unreviewed
CVE-2021-38510 was published Dec 9, 2021
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with... High Unreviewed
CVE-2021-42129 was published Dec 8, 2021
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with... High Unreviewed
CVE-2021-42132 was published Dec 8, 2021
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead... High Unreviewed
CVE-2021-43469 was published Dec 7, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28704 was published Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28707 was published Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text... High Unreviewed
CVE-2021-28708 was published Nov 25, 2021
There is a command injection vulnerability in CMA service module of FusionCompute product when... High Unreviewed
CVE-2021-37102 was published Nov 24, 2021
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The ... High Unreviewed
CVE-2021-43557 was published Nov 23, 2021
Arbitrary command execution on Windows via qutebrowserurl: URL handler High
CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
Remote Code Execution in Apache Dubbo High
CVE-2021-36162 was published for org.apache.dubbo:dubbo (Maven) Sep 8, 2021
Command Injection in RaspAP 2.6.6 High
CVE-2021-38556 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
Data races in bunch High
CVE-2020-36450 was published for bunch (Rust) Aug 25, 2021
Data race in syncpool High
CVE-2020-36462 was published for syncpool (Rust) Aug 25, 2021
Data races in lexer High
CVE-2020-36458 was published for lexer (Rust) Aug 25, 2021
Data races in multiqueue High
CVE-2020-36463 was published for multiqueue (Rust) Aug 25, 2021
Data races in dces High
CVE-2020-36459 was published for dces (Rust) Aug 25, 2021
Data races in toolshed High
CVE-2020-36456 was published for toolshed (Rust) Aug 25, 2021
Data races in slock High
CVE-2020-36455 was published for slock (Rust) Aug 25, 2021
J3rry-1729
Data races in lever High
CVE-2020-36457 was published for lever (Rust) Aug 25, 2021
tdunlap607
Data races in rcu_cell High
CVE-2020-36451 was published for rcu_cell (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database