GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,205 advisories
Filter by severity
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Moderate
Unreviewed
CVE-2022-25619
was published
Mar 31, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
High
Unreviewed
CVE-2021-43664
was published
Apr 1, 2022
The executable file warning was not presented when downloading .inetloc files, which, due to a...
High
Unreviewed
CVE-2021-38510
was published
Dec 9, 2021
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection...
High
Unreviewed
CVE-2021-43663
was published
Apr 1, 2022
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77]...
High
Unreviewed
CVE-2021-36180
was published
Dec 9, 2021
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900...
Critical
Unreviewed
CVE-2021-43118
was published
Mar 30, 2022
Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
High
Unreviewed
CVE-2022-22688
was published
Mar 26, 2022
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a...
Critical
Unreviewed
CVE-2021-31326
was published
Mar 25, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-26187
was published
Mar 23, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, ...
Critical
Unreviewed
CVE-2021-45966
was published
Mar 19, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-26188
was published
Mar 23, 2022
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be...
High
Unreviewed
CVE-2022-1030
was published
Mar 24, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability...
Critical
Unreviewed
CVE-2022-25441
was published
Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter...
Critical
Unreviewed
CVE-2022-25427
was published
Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in...
Critical
Unreviewed
CVE-2022-25428
was published
Mar 19, 2022
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2022-23881
was published
Mar 24, 2022
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection...
High
Unreviewed
CVE-2022-24237
was published
Mar 22, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the...
Critical
Unreviewed
CVE-2022-25435
was published
Mar 19, 2022
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the...
Critical
Unreviewed
CVE-2021-39383
was published
Mar 22, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-26186
was published
Mar 23, 2022
Remote Code Execution in Contao Managed Edition
Critical
CVE-2022-26265
was published
for
contao/managed-edition
(Composer)
Mar 20, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection....
Critical
Unreviewed
CVE-2021-45876
was published
Mar 22, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-26189
was published
Mar 23, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the...
Critical
Unreviewed
CVE-2022-25433
was published
Mar 19, 2022
ProTip!
Advisories are also available from the
GraphQL API