Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,682 advisories

Loading
OS Command Injection in ftpd Critical
CVE-2013-2512 was published for ftpd (RubyGems) Oct 12, 2021
Command injection leading to Remote Code Execution in Apache Storm Critical
CVE-2021-38294 was published for org.apache.storm:storm (Maven) Oct 27, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Code injection in `saved_model_cli` Moderate
CVE-2021-41228 was published for tensorflow (pip) Nov 10, 2021
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A... High Unreviewed
CVE-2021-36313 was published Nov 24, 2021
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited,... Critical Unreviewed
CVE-2021-38685 was published Nov 27, 2021
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It... Critical Unreviewed
CVE-2020-7879 was published Dec 1, 2021
An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection... High Unreviewed
CVE-2021-43283 was published Dec 1, 2021
# Vulnerability in `title` function **Description**: the `title` function defined in `lib... Critical Unreviewed
CVE-2021-3726 was published Dec 1, 2021
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and ... Critical Unreviewed
CVE-2021-3727 was published Dec 1, 2021
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the... High Unreviewed
CVE-2021-3725 was published Dec 1, 2021
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**:... Critical Unreviewed
CVE-2021-3769 was published Dec 1, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC... High Unreviewed
CVE-2021-20863 was published Dec 2, 2021
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior... High Unreviewed
CVE-2021-20859 was published Dec 2, 2021
ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and... Moderate Unreviewed
CVE-2021-20854 was published Dec 2, 2021
ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and... Moderate Unreviewed
CVE-2021-20853 was published Dec 2, 2021
OS Command injection in docker-cli-js Moderate
CVE-2021-23732 was published for docker-cli-js (npm) Dec 2, 2021 withdrawn
Command injection in git-it-electron Critical
CVE-2021-44685 was published for git-it-electron (npm) Dec 8, 2021
dwisiswant0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database