GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,505

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

144 advisories

Filter by severity

Sort by

Least recently updated

CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule Critical Unreviewed

CVE-2021-43736 was published Mar 24, 2022

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized... High Unreviewed

CVE-2021-42561 was published Jan 13, 2022

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4... High Unreviewed

CVE-2019-12264 was published May 24, 2022

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary... High Unreviewed

CVE-2021-27201 was published May 24, 2022

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default... Critical Unreviewed

CVE-2020-28026 was published May 24, 2022

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment... Moderate Unreviewed

CVE-2022-31246 was published Jun 18, 2022

The Settings application has an argument injection vulnerability. Successful exploitation of this... High Unreviewed

CVE-2022-37005 was published Aug 11, 2022

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible High Unreviewed

CVE-2022-36322 was published Jul 21, 2022

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the... High Unreviewed

CVE-2020-14421 was published May 24, 2022

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung... Critical Unreviewed

CVE-2018-3856 was published May 13, 2022

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php Critical Unreviewed

CVE-2022-47926 was published Dec 22, 2022

Command line arguments could have been injected during Firefox invocation as a shell handler for... Moderate Unreviewed

CVE-2020-6799 was published May 24, 2022

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via... High Unreviewed

CVE-2020-12641 was published May 24, 2022

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed

CVE-2021-1383 was published May 24, 2022

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option,... Moderate Unreviewed

CVE-2020-17367 was published May 24, 2022

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,... High Unreviewed

CVE-2020-5792 was published May 24, 2022

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... Moderate Unreviewed

CVE-2020-5657 was published May 24, 2022

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an... High Unreviewed

CVE-2020-27129 was published May 24, 2022

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via... Critical Unreviewed

CVE-2020-25494 was published May 24, 2022

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA... High Unreviewed

CVE-2020-19664 was published May 24, 2022

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote... Critical Unreviewed

CVE-2020-21224 was published May 24, 2022

A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote... High Unreviewed

CVE-2021-1531 was published May 24, 2022

Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a... High Unreviewed

CVE-2020-7851 was published May 24, 2022

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was... Critical Unreviewed

CVE-2021-31909 was published May 24, 2022

The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote... Critical Unreviewed

CVE-2021-24030 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

144 advisories