GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,827 advisories
Filter by severity
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell...
High
Unreviewed
CVE-2024-53376
was published
Dec 16, 2024
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of...
High
Unreviewed
CVE-2024-25468
was published
Feb 17, 2024
A flaw was found in Radare2, which contains a command injection vulnerability caused by...
High
Unreviewed
CVE-2024-11858
was published
Dec 15, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High
Unreviewed
CVE-2024-52058
was published
Dec 13, 2024
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for...
High
Unreviewed
CVE-2023-34642
was published
Jun 19, 2023
An unauthenticated attacker with network access to the affected device's web interface can...
High
Unreviewed
CVE-2024-28138
was published
Dec 10, 2024
An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful...
High
Unreviewed
CVE-2024-54008
was published
Dec 10, 2024
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on...
High
Unreviewed
CVE-2024-47115
was published
Dec 7, 2024
A command injection vulnerability has been reported to affect several QNAP operating system...
High
Unreviewed
CVE-2024-50393
was published
Dec 6, 2024
A command injection vulnerability has been reported to affect License Center. If exploited, the...
High
Unreviewed
CVE-2024-48863
was published
Dec 6, 2024
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote...
High
Unreviewed
CVE-2024-47133
was published
Dec 5, 2024
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526...
High
Unreviewed
CVE-2023-32622
was published
Jun 30, 2023
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could...
High
Unreviewed
CVE-2024-51465
was published
Dec 4, 2024
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware...
High
Unreviewed
CVE-2024-53940
was published
Dec 3, 2024
Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo...
High
Unreviewed
CVE-2024-53375
was published
Dec 3, 2024
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware...
High
Unreviewed
CVE-2024-53939
was published
Dec 3, 2024
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP...
High
Unreviewed
CVE-2024-44759
was published
Nov 15, 2024
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to...
High
Unreviewed
CVE-2024-24431
was published
Nov 15, 2024
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library ...
High
Unreviewed
CVE-2024-11003
was published
Nov 19, 2024
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic...
High
Unreviewed
CVE-2024-9200
was published
Dec 3, 2024
EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS...
High
Unreviewed
CVE-2024-31976
was published
Nov 27, 2024
Certain models of routers from Billion Electric has an OS Command Injection vulnerability,...
High
Unreviewed
CVE-2024-11983
was published
Nov 29, 2024
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518...
High
Unreviewed
CVE-2024-8190
was published
Sep 10, 2024
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...
High
Unreviewed
CVE-2024-53899
was published
Nov 24, 2024
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for...
High
Unreviewed
CVE-2024-9461
was published
Nov 26, 2024
ProTip!
Advisories are also available from the
GraphQL API