Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,998 advisories

Command Injection in psnode High
CVE-2021-23375 was published for psnode (npm) May 6, 2021
Command Injection in @ronomon/opened Critical
CVE-2021-29300 was published for @ronomon/opened (npm) Jun 8, 2021
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in... Critical Unreviewed
CVE-2022-25434 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the... Critical Unreviewed
CVE-2022-25437 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10... Critical Unreviewed
CVE-2022-25431 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability... Critical Unreviewed
CVE-2022-25438 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in... Critical Unreviewed
CVE-2022-25440 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the... Critical Unreviewed
CVE-2022-25429 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the... Critical Unreviewed
CVE-2022-25433 was published Mar 19, 2022
Remote Code Execution in Contao Managed Edition Critical
CVE-2022-26265 was published for contao/managed-edition (Composer) Mar 20, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26189 was published Mar 23, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26186 was published Mar 23, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection.... Critical Unreviewed
CVE-2021-45876 was published Mar 22, 2022
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2021-39383 was published Mar 22, 2022
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via... Critical Unreviewed
CVE-2022-23881 was published Mar 24, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability... Critical Unreviewed
CVE-2022-25441 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in... Critical Unreviewed
CVE-2022-25428 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the... Critical Unreviewed
CVE-2022-25435 was published Mar 19, 2022
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter... Critical Unreviewed
CVE-2022-25427 was published Mar 19, 2022
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection... High Unreviewed
CVE-2022-24237 was published Mar 22, 2022
Command Injection in ungit High
CVE-2022-25766 was published for ungit (npm) Mar 22, 2022
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be... High Unreviewed
CVE-2022-1030 was published Mar 24, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26188 was published Mar 23, 2022
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-26187 was published Mar 23, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, ... Critical Unreviewed
CVE-2021-45966 was published Mar 19, 2022
ProTip! Advisories are also available from the GraphQL API