GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
77 advisories
Filter by severity
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized...
High
Unreviewed
CVE-2021-42561
was published
Jan 13, 2022
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4...
High
Unreviewed
CVE-2019-12264
was published
May 24, 2022
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary...
High
Unreviewed
CVE-2021-27201
was published
May 24, 2022
The Settings application has an argument injection vulnerability. Successful exploitation of this...
High
Unreviewed
CVE-2022-37005
was published
Aug 11, 2022
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
High
Unreviewed
CVE-2022-36322
was published
Jul 21, 2022
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the...
High
Unreviewed
CVE-2020-14421
was published
May 24, 2022
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via...
High
Unreviewed
CVE-2020-12641
was published
May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,...
High
Unreviewed
CVE-2021-1383
was published
May 24, 2022
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,...
High
Unreviewed
CVE-2020-5792
was published
May 24, 2022
A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an...
High
Unreviewed
CVE-2020-27129
was published
May 24, 2022
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA...
High
Unreviewed
CVE-2020-19664
was published
May 24, 2022
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote...
High
Unreviewed
CVE-2021-1531
was published
May 24, 2022
Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a...
High
Unreviewed
CVE-2020-7851
was published
May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,...
High
Unreviewed
CVE-2021-1454
was published
May 24, 2022
NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote...
High
Unreviewed
CVE-2020-7850
was published
May 24, 2022
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker...
High
Unreviewed
CVE-2021-1485
was published
May 24, 2022
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access...
High
Unreviewed
CVE-2021-36122
was published
May 24, 2022
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users...
High
Unreviewed
CVE-2021-34816
was published
May 24, 2022
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish...
High
Unreviewed
CVE-2021-3540
was published
May 24, 2022
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung...
High
Unreviewed
CVE-2021-35062
was published
May 24, 2022
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery...
High
Unreviewed
CVE-2021-41316
was published
May 24, 2022
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated,...
High
Unreviewed
CVE-2021-34718
was published
May 24, 2022
In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces...
High
Unreviewed
CVE-2021-38112
was published
May 24, 2022
Within the function HandleFileArg the argument filepattern is under control of the user who...
High
Unreviewed
CVE-2021-21814
was published
May 24, 2022
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware...
High
Unreviewed
CVE-2020-35576
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API