Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,409
Erlang
33
GitHub Actions
22
Go
2,144
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

990 advisories

Loading
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for... High Unreviewed
CVE-2010-0136 was published May 2, 2022
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1... High Unreviewed
CVE-2007-3010 was published May 1, 2022
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows... High Unreviewed
CVE-2005-2793 was published May 1, 2022
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary... High Unreviewed
CVE-2005-2773 was published May 1, 2022
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An... High Unreviewed
CVE-2022-1509 was published Apr 29, 2022
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web... High Unreviewed
CVE-2021-34592 was published Apr 28, 2022
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the... High Unreviewed
CVE-2022-26111 was published Apr 26, 2022
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell... High Unreviewed
CVE-2009-5157 was published Apr 21, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create... High Unreviewed
CVE-2021-43286 was published Apr 15, 2022
An authenticated user may be able to misuse parameters to inject arbitrary operating system... High Unreviewed
CVE-2022-0999 was published Apr 12, 2022
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to... High Unreviewed
CVE-2022-20665 was published Apr 7, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43664 was published Apr 1, 2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection... High Unreviewed
CVE-2021-43663 was published Apr 1, 2022
Improper neutralization of special elements used in a command ('Command Injection') vulnerability... High Unreviewed
CVE-2022-22688 was published Mar 26, 2022
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be... High Unreviewed
CVE-2022-1030 was published Mar 24, 2022
Specially crafted string in OTRS system configuration can allow the execution of any system command. High Unreviewed
CVE-2021-36100 was published Mar 22, 2022
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection... High Unreviewed
CVE-2022-24237 was published Mar 22, 2022
In ims service, there is a possible AT command injection due to a missing permission check. This... High Unreviewed
CVE-2022-20054 was published Mar 11, 2022
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network... High Unreviewed
CVE-2021-41001 was published Mar 3, 2022
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX... High Unreviewed
CVE-2021-41000 was published Mar 3, 2022
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H... High Unreviewed
CVE-2021-40043 was published Feb 26, 2022
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1... High Unreviewed
CVE-2021-44132 was published Feb 26, 2022
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could... High Unreviewed
CVE-2022-22308 was published Feb 22, 2022
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable... High Unreviewed
CVE-2022-24295 was published Feb 22, 2022
CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. High Unreviewed
CVE-2021-41552 was published Feb 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database