GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,505

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

77 advisories

Filter by severity

Sort by

Least recently updated

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized... High Unreviewed

CVE-2021-42561 was published Jan 13, 2022

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4... High Unreviewed

CVE-2019-12264 was published May 24, 2022

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary... High Unreviewed

CVE-2021-27201 was published May 24, 2022

The Settings application has an argument injection vulnerability. Successful exploitation of this... High Unreviewed

CVE-2022-37005 was published Aug 11, 2022

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible High Unreviewed

CVE-2022-36322 was published Jul 21, 2022

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the... High Unreviewed

CVE-2020-14421 was published May 24, 2022

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via... High Unreviewed

CVE-2020-12641 was published May 24, 2022

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed

CVE-2021-1383 was published May 24, 2022

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,... High Unreviewed

CVE-2020-5792 was published May 24, 2022

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an... High Unreviewed

CVE-2020-27129 was published May 24, 2022

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA... High Unreviewed

CVE-2020-19664 was published May 24, 2022

A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote... High Unreviewed

CVE-2021-1531 was published May 24, 2022

Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a... High Unreviewed

CVE-2020-7851 was published May 24, 2022

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed

CVE-2021-1454 was published May 24, 2022

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote... High Unreviewed

CVE-2020-7850 was published May 24, 2022

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker... High Unreviewed

CVE-2021-1485 was published May 24, 2022

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access... High Unreviewed

CVE-2021-36122 was published May 24, 2022

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users... High Unreviewed

CVE-2021-34816 was published May 24, 2022

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish... High Unreviewed

CVE-2021-3540 was published May 24, 2022

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung... High Unreviewed

CVE-2021-35062 was published May 24, 2022

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery... High Unreviewed

CVE-2021-41316 was published May 24, 2022

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated,... High Unreviewed

CVE-2021-34718 was published May 24, 2022

In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces... High Unreviewed

CVE-2021-38112 was published May 24, 2022

Within the function HandleFileArg the argument filepattern is under control of the user who... High Unreviewed

CVE-2021-21814 was published May 24, 2022

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware... High Unreviewed

CVE-2020-35576 was published May 24, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

77 advisories