Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Loading
Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a... High Unreviewed
CVE-2020-7851 was published May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was... Critical Unreviewed
CVE-2021-31909 was published May 24, 2022
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote... Critical Unreviewed
CVE-2021-24030 was published May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed
CVE-2021-1454 was published May 24, 2022
NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote... High Unreviewed
CVE-2020-7850 was published May 24, 2022
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker... High Unreviewed
CVE-2021-1485 was published May 24, 2022
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the... Moderate Unreviewed
CVE-2021-3256 was published May 24, 2022
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access... High Unreviewed
CVE-2021-36122 was published May 24, 2022
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users... High Unreviewed
CVE-2021-34816 was published May 24, 2022
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish... High Unreviewed
CVE-2021-3540 was published May 24, 2022
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface... Moderate Unreviewed
CVE-2021-3045 was published May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an... Critical Unreviewed
CVE-2021-31698 was published May 24, 2022
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung... High Unreviewed
CVE-2021-35062 was published May 24, 2022
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery... High Unreviewed
CVE-2021-41316 was published May 24, 2022
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated,... High Unreviewed
CVE-2021-34718 was published May 24, 2022
In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces... High Unreviewed
CVE-2021-38112 was published May 24, 2022
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters... Low Unreviewed
CVE-2004-0473 was published Apr 29, 2022
Gitea vulnerable to Argument Injection Critical
CVE-2022-42968 was published for github.com/go-gitea/gitea (Go) Oct 16, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... Critical Unreviewed
CVE-2020-5648 was published May 24, 2022
Within the function HandleFileArg the argument filepattern is under control of the user who... High Unreviewed
CVE-2021-21814 was published May 24, 2022
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used... Critical Unreviewed
CVE-2022-1399 was published Aug 18, 2022
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware... High Unreviewed
CVE-2020-35576 was published May 24, 2022
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
OS Command Injection in git-promise High
CVE-2022-24376 was published for git-promise (npm) Jun 11, 2022
lirantal
An argument injection vulnerability in the browser-based authentication component of the... High Unreviewed
CVE-2022-30240 was published May 10, 2022
ProTip! Advisories are also available from the GraphQL API