GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
811 advisories
Filter by severity
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially...
Critical
Unreviewed
CVE-2024-29224
was published
Dec 18, 2024
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used...
Critical
Unreviewed
CVE-2024-52723
was published
Nov 22, 2024
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb...
Critical
Unreviewed
CVE-2024-51378
was published
Oct 30, 2024
The affected product is vulnerable to a command injection. An unauthenticated attacker could send...
Critical
Unreviewed
CVE-2024-52320
was published
Dec 6, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated...
Critical
Unreviewed
CVE-2024-49803
was published
Nov 29, 2024
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and...
Critical
Unreviewed
CVE-2024-11482
was published
Nov 29, 2024
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following...
Critical
Unreviewed
CVE-2024-50375
was published
Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-50374
was published
Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-50373
was published
Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-50372
was published
Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-50370
was published
Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-50371
was published
Nov 26, 2024
A parameter within a command does not properly validate input within myPRO Manager which could be...
Critical
Unreviewed
CVE-2024-47407
was published
Nov 23, 2024
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command...
Critical
Unreviewed
CVE-2024-52034
was published
Nov 23, 2024
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2024-8807
was published
Nov 22, 2024
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2024-8806
was published
Nov 22, 2024
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function...
Critical
Unreviewed
CVE-2024-51151
was published
Nov 22, 2024
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to...
Critical
Unreviewed
CVE-2023-20036
was published
Nov 15, 2024
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote...
Critical
Unreviewed
CVE-2024-11120
was published
Nov 15, 2024
A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method...
Critical
Unreviewed
CVE-2024-4343
was published
Nov 14, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11005
was published
Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11006
was published
Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11007
was published
Nov 12, 2024
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an...
Critical
Unreviewed
CVE-2024-36061
was published
Nov 11, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Critical
Unreviewed
CVE-2024-46890
was published
Nov 12, 2024
ProTip!
Advisories are also available from the
GraphQL API