GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,328 advisories
Filter by severity
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20...
High
Unreviewed
CVE-2024-51503
was published
Nov 19, 2024
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library ...
High
Unreviewed
CVE-2024-11003
was published
Nov 19, 2024
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low
CVE-2024-52587
was published
for
step-security/harden-runner
(GitHub Actions)
Nov 18, 2024
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS...
Moderate
Unreviewed
CVE-2024-9474
was published
Nov 18, 2024
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP...
High
Unreviewed
CVE-2024-44759
was published
Nov 15, 2024
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to...
High
Unreviewed
CVE-2024-24431
was published
Nov 15, 2024
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web...
Moderate
Unreviewed
CVE-2022-20871
was published
Nov 15, 2024
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to...
Critical
Unreviewed
CVE-2023-20036
was published
Nov 15, 2024
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an...
High
Unreviewed
CVE-2022-20655
was published
Nov 15, 2024
A vulnerability in the web-based management interface and in the API subsystem of Cisco ...
Moderate
Unreviewed
CVE-2022-20652
was published
Nov 15, 2024
LibreNMS has an Authenticated OS Command Injection
Critical
CVE-2024-51092
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote...
Critical
Unreviewed
CVE-2024-11120
was published
Nov 15, 2024
A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method...
Critical
Unreviewed
CVE-2024-4343
was published
Nov 14, 2024
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection...
Moderate
Unreviewed
CVE-2024-32118
was published
Nov 12, 2024
Zoraxy has an authenticated command injection in the Web SSH feature
High
CVE-2024-52010
was published
for
github.com/tobychui/zoraxy
(Go)
Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11006
was published
Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11005
was published
Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11007
was published
Nov 12, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Critical
Unreviewed
CVE-2024-46890
was published
Nov 12, 2024
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
High
Unreviewed
CVE-2024-45827
was published
Nov 12, 2024
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48...
Moderate
Unreviewed
CVE-2024-8881
was published
Nov 12, 2024
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an...
Critical
Unreviewed
CVE-2024-36061
was published
Nov 11, 2024
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High
Unreviewed
CVE-2024-11064
was published
Nov 11, 2024
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High
Unreviewed
CVE-2024-11065
was published
Nov 11, 2024
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High
Unreviewed
CVE-2024-11063
was published
Nov 11, 2024
ProTip!
Advisories are also available from the
GraphQL API