GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,682 advisories
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2...
High
Unreviewed
CVE-2017-2846
was published
May 13, 2022
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2...
High
Unreviewed
CVE-2017-2850
was published
May 13, 2022
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE...
High
Unreviewed
CVE-2018-4019
was published
May 13, 2022
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2...
High
Unreviewed
CVE-2017-2847
was published
May 13, 2022
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute...
Moderate
Unreviewed
CVE-2020-10221
was published
May 24, 2022
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a...
High
Unreviewed
CVE-2020-13778
was published
May 24, 2022
react-dev-utils OS Command Injection in function `getProcessForPort`
Moderate
CVE-2021-24033
was published
for
react-dev-utils
(npm)
Mar 11, 2021
Improper Neutralization of Special Elements used in an OS Command in Blamer
Critical
CVE-2019-10807
was published
for
blamer
(npm)
May 24, 2022
PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated...
Critical
Unreviewed
CVE-2022-36779
was published
Sep 14, 2022
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy...
Moderate
Unreviewed
CVE-2021-26685
was published
May 24, 2022
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a...
High
Unreviewed
CVE-2020-5791
was published
May 24, 2022
react-dev-utils on Windows vulnerable to Remote Code Execution
High
CVE-2018-6342
was published
for
react-dev-utils
(npm)
Jan 4, 2019
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local...
High
Unreviewed
CVE-2021-31854
was published
Jan 20, 2022
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15...
Critical
Unreviewed
CVE-2021-27692
was published
May 24, 2022
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS...
High
Unreviewed
CVE-2019-20807
was published
May 24, 2022
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows...
High
Unreviewed
CVE-2020-19907
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W,...
High
Unreviewed
CVE-2021-1149
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W,...
High
Unreviewed
CVE-2021-1148
was published
May 24, 2022
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an...
Critical
Unreviewed
CVE-2021-1142
was published
May 24, 2022
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5...
Critical
Unreviewed
CVE-2021-27691
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016,...
High
Unreviewed
CVE-2021-1317
was published
May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016,...
High
Unreviewed
CVE-2021-1316
was published
May 24, 2022
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers...
Critical
Unreviewed
CVE-2020-23151
was published
May 24, 2022
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series...
High
Unreviewed
CVE-2022-26532
was published
May 25, 2022
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely...
Critical
Unreviewed
CVE-2021-42872
was published
Jun 3, 2022