GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,990
Composer 4,293
Erlang 31
GitHub Actions 21
Go 2,061
Maven 5,239
npm 3,744
NuGet 668
pip 3,423
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,490

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

816 advisories

Filter by severity

Sort by

Least recently updated

Moxa’s cellular routers, secure routers, and network security appliances are affected by a... Critical Unreviewed

CVE-2024-9140 was published Jan 3, 2025

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows... Critical Unreviewed

CVE-2024-12828 was published Dec 30, 2024

Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS... Critical Unreviewed

CVE-2024-47919 was published Dec 30, 2024

rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set... Critical Unreviewed

CVE-2024-31668 was published Dec 18, 2024

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially... Critical Unreviewed

CVE-2024-29224 was published Dec 18, 2024

The affected product is vulnerable to a command injection. An unauthenticated attacker could send... Critical Unreviewed

CVE-2024-52320 was published Dec 6, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated... Critical Unreviewed

CVE-2024-49803 was published Nov 29, 2024

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and... Critical Unreviewed

CVE-2024-11482 was published Nov 29, 2024

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-50373 was published Nov 26, 2024

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-50370 was published Nov 26, 2024

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following... Critical Unreviewed

CVE-2024-50375 was published Nov 26, 2024

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-50371 was published Nov 26, 2024

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-50372 was published Nov 26, 2024

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-50374 was published Nov 26, 2024

A parameter within a command does not properly validate input within myPRO Manager which could be... Critical Unreviewed

CVE-2024-47407 was published Nov 23, 2024

An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command... Critical Unreviewed

CVE-2024-52034 was published Nov 23, 2024

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed

CVE-2024-8806 was published Nov 22, 2024

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed

CVE-2024-8807 was published Nov 22, 2024

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used... Critical Unreviewed

CVE-2024-52723 was published Nov 22, 2024

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function... Critical Unreviewed

CVE-2024-51151 was published Nov 22, 2024

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to... Critical Unreviewed

CVE-2023-20036 was published Nov 15, 2024

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote... Critical Unreviewed

CVE-2024-11120 was published Nov 15, 2024

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method... Critical Unreviewed

CVE-2024-4343 was published Nov 14, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed

CVE-2024-11005 was published Nov 12, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed

CVE-2024-11006 was published Nov 12, 2024

Previous 1 2 3 4 5 … 32 33 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

816 advisories