Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,046
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,596
NuGet
638
pip
3,182
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default... Critical Unreviewed
CVE-2020-28026 was published May 24, 2022
Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a... High Unreviewed
CVE-2020-7851 was published May 24, 2022
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker... High Unreviewed
CVE-2021-1485 was published May 24, 2022
NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote... High Unreviewed
CVE-2020-7850 was published May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed
CVE-2021-1454 was published May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed
CVE-2021-1383 was published May 24, 2022
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote... Critical Unreviewed
CVE-2021-24030 was published May 24, 2022
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote... Critical Unreviewed
CVE-2020-21224 was published May 24, 2022
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary... High Unreviewed
CVE-2021-27201 was published May 24, 2022
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service ... Critical Unreviewed
CVE-2021-26937 was published May 24, 2022
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware... High Unreviewed
CVE-2020-35576 was published May 24, 2022
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA... High Unreviewed
CVE-2020-19664 was published May 24, 2022
Dolibarr authenticated Remote Code Execution High
CVE-2020-35136 was published for dolibarr/dolibarr (Composer) May 24, 2022
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via... Critical Unreviewed
CVE-2020-25494 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Critical Unreviewed
CVE-2020-28367 was published May 24, 2022
A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an... High Unreviewed
CVE-2020-27129 was published May 24, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability... Moderate Unreviewed
CVE-2020-5657 was published May 24, 2022
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,... High Unreviewed
CVE-2020-5792 was published May 24, 2022
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option,... Moderate Unreviewed
CVE-2020-17367 was published May 24, 2022
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the... High Unreviewed
CVE-2020-14421 was published May 24, 2022
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check... High Unreviewed
CVE-2020-7808 was published May 24, 2022
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via... High Unreviewed
CVE-2020-12641 was published May 24, 2022
Command line arguments could have been injected during Firefox invocation as a shell handler for... Moderate Unreviewed
CVE-2020-6799 was published May 24, 2022
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3,... High Unreviewed
CVE-2019-5012 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API