Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,071 advisories

Loading
Command Injection in @ronomon/opened Critical
CVE-2021-29300 was published for @ronomon/opened (npm) Jun 8, 2021
Command injection in LocalStack Critical
CVE-2021-32090 was published for localstack (pip) Jun 18, 2021
Command injection in gitlogplus Critical
CVE-2021-23412 was published for gitlogplus (npm) Jul 26, 2021
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
Bash command injection in Apache Zeppelin Critical
CVE-2019-10095 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection... Critical Unreviewed
CVE-2021-43319 was published Dec 1, 2021
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows... Critical Unreviewed
CVE-2021-35978 was published Dec 11, 2021
Command injection in itext7-core Critical
CVE-2021-43113 was published for com.itextpdf:itext7-core (Maven) Dec 16, 2021
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker... Critical Unreviewed
CVE-2021-27447 was published Dec 22, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45630 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45627 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45625 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45624 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45623 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45621 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45622 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45620 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45617 was published Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This... Critical Unreviewed
CVE-2021-45614 was published Dec 27, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database