GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,787
Composer 4,248
Erlang 31
GitHub Actions 21
Go 2,016
Maven 5,202
npm 3,721
NuGet 662
pip 3,400
Pub 11
RubyGems 890
Rust 852
Swift 36

Unreviewed advisories

All unreviewed 236,212

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

150 advisories

Filter by severity

Sort by

Least recently updated

In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces... High Unreviewed

CVE-2021-38112 was published May 24, 2022

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery... High Unreviewed

CVE-2021-41316 was published May 24, 2022

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated,... High Unreviewed

CVE-2021-34718 was published May 24, 2022

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung... High Unreviewed

CVE-2021-35062 was published May 24, 2022

Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an... Critical Unreviewed

CVE-2021-31698 was published May 24, 2022

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface... Moderate Unreviewed

CVE-2021-3045 was published May 24, 2022

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish... High Unreviewed

CVE-2021-3540 was published May 24, 2022

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users... High Unreviewed

CVE-2021-34816 was published May 24, 2022

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access... High Unreviewed

CVE-2021-36122 was published May 24, 2022

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the... High Unreviewed

CVE-2021-24002 was published May 24, 2022

KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the... Moderate Unreviewed

CVE-2021-3256 was published May 24, 2022

A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote... High Unreviewed

CVE-2021-1531 was published May 24, 2022

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was... Critical Unreviewed

CVE-2021-31909 was published May 24, 2022

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default... Critical Unreviewed

CVE-2020-28026 was published May 24, 2022

Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a... High Unreviewed

CVE-2020-7851 was published May 24, 2022

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker... High Unreviewed

CVE-2021-1485 was published May 24, 2022

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote... High Unreviewed

CVE-2020-7850 was published May 24, 2022

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed

CVE-2021-1454 was published May 24, 2022

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated,... High Unreviewed

CVE-2021-1383 was published May 24, 2022

The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote... Critical Unreviewed

CVE-2021-24030 was published May 24, 2022

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote... Critical Unreviewed

CVE-2020-21224 was published May 24, 2022

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary... High Unreviewed

CVE-2021-27201 was published May 24, 2022

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service ... Critical Unreviewed

CVE-2021-26937 was published May 24, 2022

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware... High Unreviewed

CVE-2020-35576 was published May 24, 2022

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA... High Unreviewed

CVE-2020-19664 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

150 advisories