GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
930 advisories
Potential Command Injection in printer (Critical): CVE-2014-3741 was published for printer (npm), Nov 28, 2017
Critical severity vulnerability that affects Haraka (Critical): CVE-2016-1000282 was published for Haraka (npm), Feb 12, 2019
Command Injection in samsung-remote (Critical): GHSA-xhjx-mfr6-9rr4 was published for samsung-remote (npm), Sep 1, 2020
Command Injection in npm-git-publish (Critical): GHSA-49mg-94fc-2fx6 was published for npm-git-publish (npm), Sep 4, 2020
Command Injection in gnuplot (Critical): GHSA-cfwc-xjfp-44jg was published for gnuplot (npm), Sep 4, 2020
Command Injection in node-wifi (Critical): GHSA-4x6x-782q-jfc4 was published for node-wifi (npm), Sep 3, 2020
Command Injection in traceroute (Critical): GHSA-rjvj-673q-4hfw was published for traceroute (npm), Sep 4, 2020
Command Injection in meta-git (Critical): GHSA-qcff-ffx3-m25c was published for meta-git (npm), Sep 4, 2020
Command Injection in priest-runner (Critical): GHSA-9px9-f7jw-fwhj was published for priest-runner (npm), Sep 3, 2020
Command Injection in plotter (Critical): GHSA-65xx-c85x-wg76 was published for plotter (npm), Sep 4, 2020
Command Injection in bestzip (Critical): GHSA-4qqc-mp5f-ccv4 was published for bestzip (npm), Sep 2, 2020
active-support impersonates 'activesupport' gem (Critical): CVE-2018-3779 was published for active-support (RubyGems), Aug 13, 2018
festivaltts4r allows arbitrary command execution (Critical): CVE-2016-10194 was published for festivaltts4r (RubyGems), Oct 24, 2017
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection... (Critical, Unreviewed): CVE-2022-48123 was published Jan 20, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection... (Critical, Unreviewed): CVE-2022-48126 was published Jan 20, 2023
A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm... (Critical, Unreviewed): CVE-2021-44620 was published Mar 12, 2022
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were... (Critical, Unreviewed): CVE-2022-26992 was published Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu... (Critical, Unreviewed): CVE-2022-26206 was published Mar 17, 2022
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu... (Critical, Unreviewed): CVE-2022-26210 was published Mar 17, 2022