GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,989 advisories
Filter by severity
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The ...
High
Unreviewed
CVE-2021-43557
was published
Nov 23, 2021
There is a command injection vulnerability in CMA service module of FusionCompute product when...
High
Unreviewed
CVE-2021-37102
was published
Nov 24, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text...
High
Unreviewed
CVE-2021-28708
was published
Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text...
High
Unreviewed
CVE-2021-28704
was published
Nov 25, 2021
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text...
High
Unreviewed
CVE-2021-28707
was published
Nov 25, 2021
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection...
Critical
Unreviewed
CVE-2021-43319
was published
Dec 1, 2021
Withdrawn: Arbitrary code execution in lodash
Low
Unreviewed
CVE-2021-41720
was published
for
lodash
(npm)
Dec 3, 2021
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead...
High
Unreviewed
CVE-2021-43469
was published
Dec 7, 2021
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with...
High
Unreviewed
CVE-2021-42132
was published
Dec 8, 2021
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with...
High
Unreviewed
CVE-2021-42129
was published
Dec 8, 2021
The executable file warning was not presented when downloading .inetloc files, which, due to a...
High
Unreviewed
CVE-2021-38510
was published
Dec 9, 2021
A crafted configuration packet sent by an authenticated administrative user can be used to...
High
Unreviewed
CVE-2021-23862
was published
Dec 9, 2021
By executing a special command, an user with administrative rights can get access to extended...
Moderate
Unreviewed
CVE-2021-23861
was published
Dec 9, 2021
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77]...
High
Unreviewed
CVE-2021-36180
was published
Dec 9, 2021
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows...
Critical
Unreviewed
CVE-2021-35978
was published
Dec 11, 2021
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to...
High
Unreviewed
CVE-2021-32499
was published
Dec 18, 2021
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be...
High
Unreviewed
CVE-2021-27449
was published
Dec 22, 2021
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker...
Critical
Unreviewed
CVE-2021-27447
was published
Dec 22, 2021
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via...
High
Unreviewed
CVE-2021-3621
was published
Dec 24, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-45634
was published
Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-45635
was published
Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-45633
was published
Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-45631
was published
Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-45632
was published
Dec 27, 2021
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This...
High
Unreviewed
CVE-2021-45629
was published
Dec 27, 2021
ProTip!
Advisories are also available from the
GraphQL API