Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,859 advisories

An unauthenticated command injection vulnerability exists in the parameters of operation 49 in... High Unreviewed
CVE-2021-20144 was published Dec 10, 2021
A command execution vulnerability exists in the wifi_country_code_update functionality of the... Critical Unreviewed
CVE-2021-21954 was published Dec 10, 2021
OS Command Injection in fsa Moderate
CVE-2020-7615 was published for fsa (npm) Dec 9, 2021
OS Command Injection in adb-driver Critical
CVE-2020-7636 was published for adb-driver (npm) Dec 9, 2021
OS Command Injection in heroku-addonpool Critical
CVE-2020-7634 was published for heroku-addonpool (npm) Dec 9, 2021
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert... High Unreviewed
CVE-2021-20039 was published Dec 9, 2021
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote... High Unreviewed
CVE-2021-20044 was published Dec 9, 2021
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6... High Unreviewed
CVE-2021-36195 was published Dec 9, 2021
A crafted configuration packet sent by an authenticated administrative user can be used to... High Unreviewed
CVE-2021-23862 was published Dec 9, 2021
Command injection in git-it-electron Critical
CVE-2021-44685 was published for git-it-electron (npm) Dec 8, 2021
dwisiswant0
OS Command injection in docker-cli-js Moderate
CVE-2021-23732 was published for docker-cli-js (npm) Dec 2, 2021 withdrawn
ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and... Moderate Unreviewed
CVE-2021-20853 was published Dec 2, 2021
ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and... Moderate Unreviewed
CVE-2021-20854 was published Dec 2, 2021
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior... High Unreviewed
CVE-2021-20859 was published Dec 2, 2021
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC... High Unreviewed
CVE-2021-20863 was published Dec 2, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**:... Critical Unreviewed
CVE-2021-3769 was published Dec 1, 2021
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and ... Critical Unreviewed
CVE-2021-3727 was published Dec 1, 2021
# Vulnerability in `title` function **Description**: the `title` function defined in `lib... Critical Unreviewed
CVE-2021-3726 was published Dec 1, 2021
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the... High Unreviewed
CVE-2021-3725 was published Dec 1, 2021
An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection... High Unreviewed
CVE-2021-43283 was published Dec 1, 2021
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It... Critical Unreviewed
CVE-2020-7879 was published Dec 1, 2021
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited,... Critical Unreviewed
CVE-2021-38685 was published Nov 27, 2021
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A... High Unreviewed
CVE-2021-36313 was published Nov 24, 2021
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
ProTip! Advisories are also available from the GraphQL API