GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,070
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,628
NuGet: 638
pip: 3,240
Pub: 10
RubyGems: 858
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
142 advisories
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
Moderate | Unreviewed | CVE-2020-5657 was published May 24, 2022

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,...
High | Unreviewed | CVE-2020-5792 was published May 24, 2022

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option,...
Moderate | Unreviewed | CVE-2020-17367 was published May 24, 2022

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,...
High | Unreviewed | CVE-2021-1383 was published May 24, 2022

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via...
High | Unreviewed | CVE-2020-12641 was published May 24, 2022

Command line arguments could have been injected during Firefox invocation as a shell handler for...
Moderate | Unreviewed | CVE-2020-6799 was published May 24, 2022

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
Critical | Unreviewed | CVE-2022-47926 was published Dec 22, 2022

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung...
Critical | Unreviewed | CVE-2018-3856 was published May 13, 2022

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the...
High | Unreviewed | CVE-2020-14421 was published May 24, 2022

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
High | Unreviewed | CVE-2022-36322 was published Jul 21, 2022

The Settings application has an argument injection vulnerability. Successful exploitation of this...
High | Unreviewed | CVE-2022-37005 was published Aug 11, 2022

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment...
Moderate | Unreviewed | CVE-2022-31246 was published Jun 18, 2022

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default...
Critical | Unreviewed | CVE-2020-28026 was published May 24, 2022

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary...
High | Unreviewed | CVE-2021-27201 was published May 24, 2022

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4...
High | Unreviewed | CVE-2019-12264 was published May 24, 2022

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized...
High | Unreviewed | CVE-2021-42561 was published Jan 13, 2022

CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
Critical | Unreviewed | CVE-2021-43736 was published Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API.