GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
189 advisories
Filter by severity
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery...
High
Unreviewed
CVE-2021-41316
was published
May 24, 2022
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung...
High
Unreviewed
CVE-2021-35062
was published
May 24, 2022
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an...
Critical
Unreviewed
CVE-2021-31698
was published
May 24, 2022
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface...
Moderate
Unreviewed
CVE-2021-3045
was published
May 24, 2022
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish...
High
Unreviewed
CVE-2021-3540
was published
May 24, 2022
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users...
High
Unreviewed
CVE-2021-34816
was published
May 24, 2022
An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access...
High
Unreviewed
CVE-2021-36122
was published
May 24, 2022
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the...
Moderate
Unreviewed
CVE-2021-3256
was published
May 24, 2022
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker...
High
Unreviewed
CVE-2021-1485
was published
May 24, 2022
NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote...
High
Unreviewed
CVE-2020-7850
was published
May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,...
High
Unreviewed
CVE-2021-1454
was published
May 24, 2022
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote...
Critical
Unreviewed
CVE-2021-24030
was published
May 24, 2022
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was...
Critical
Unreviewed
CVE-2021-31909
was published
May 24, 2022
Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a...
High
Unreviewed
CVE-2020-7851
was published
May 24, 2022
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote...
High
Unreviewed
CVE-2021-1531
was published
May 24, 2022
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote...
Critical
Unreviewed
CVE-2020-21224
was published
May 24, 2022
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA...
High
Unreviewed
CVE-2020-19664
was published
May 24, 2022
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via...
Critical
Unreviewed
CVE-2020-25494
was published
May 24, 2022
A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an...
High
Unreviewed
CVE-2020-27129
was published
May 24, 2022
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability...
Moderate
Unreviewed
CVE-2020-5657
was published
May 24, 2022
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote,...
High
Unreviewed
CVE-2020-5792
was published
May 24, 2022
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option,...
Moderate
Unreviewed
CVE-2020-17367
was published
May 24, 2022
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,...
High
Unreviewed
CVE-2021-1383
was published
May 24, 2022
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via...
High
Unreviewed
CVE-2020-12641
was published
May 24, 2022
Command line arguments could have been injected during Firefox invocation as a shell handler for...
Moderate
Unreviewed
CVE-2020-6799
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API