GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,657
Composer 5,011
Erlang 39
GitHub Actions 38
Go 2,651
Maven 6,108
npm 4,279
NuGet 760
pip 4,066
Pub 12
RubyGems 957
Rust 1,057
Swift 45

Unreviewed advisories

All unreviewed 277,275

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

3,013 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A remote command injection vulnerability exists in the Barracuda Email Security Gateway ... Critical Unreviewed

CVE-2023-2868 was published Jul 6, 2023

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with... Critical Unreviewed

CVE-2023-20887 was published Jun 7, 2023

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a... High Unreviewed

CVE-2023-33538 was published Jun 7, 2023

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016,... High Unreviewed

CVE-2023-20118 was published Apr 13, 2023

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0... Moderate Unreviewed

CVE-2022-40765 was published Nov 22, 2022

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via... Critical Unreviewed

CVE-2022-29303 was published May 13, 2022

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject... High Unreviewed

CVE-2022-27924 was published Apr 22, 2022

A command injection vulnerability in the web server of some Hikvision product. Due to the... Critical Unreviewed

CVE-2021-36260 was published May 24, 2022

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed

CVE-2021-27561 was published May 24, 2022

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed

CVE-2021-35394 was published May 24, 2022

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management... Critical Unreviewed

CVE-2021-35395 was published May 24, 2022

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote... High Unreviewed

CVE-2021-22899 was published May 24, 2022

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb... Critical Unreviewed

CVE-2024-51378 was published Oct 30, 2024

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an... Critical Unreviewed

CVE-2024-55956 was published Dec 13, 2024

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support... Critical Unreviewed

CVE-2024-12356 was published Dec 17, 2024

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow... Critical Unreviewed

CVE-2021-1498 was published May 24, 2022

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited,... Critical Unreviewed

CVE-2020-2509 was published May 24, 2022

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed

CVE-2020-25506 was published May 24, 2022

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary... Critical Unreviewed

CVE-2018-19949 was published May 24, 2022

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and... Critical Unreviewed

CVE-2024-21887 was published Jan 12, 2024

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance... Critical Unreviewed

CVE-2023-1671 was published Apr 4, 2023

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command... High Unreviewed

CVE-2023-1389 was published Mar 16, 2023

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login... Critical Unreviewed

CVE-2016-20017 was published Oct 19, 2022

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17,... High Unreviewed

CVE-2022-36804 was published Aug 26, 2022

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed

CVE-2021-45382 was published Feb 18, 2022

Previous 1…5…121 Next

Previous 1 2 3 4 5 6 7 … 120 121 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

3,013 advisories