GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
965 advisories
CVE-2023-47254, Critical, Unreviewed, published Dec 9, 2023: An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote...
CVE-2023-48800, Critical, Unreviewed, published Dec 4, 2023: In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains...
CVE-2023-48805, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48811, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48806, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48812, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields...
CVE-2023-48810, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48807, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48804, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48808, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48803, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-48802, Critical, Unreviewed, published Nov 30, 2023: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields...
CVE-2023-3741, Critical, Unreviewed, published Nov 30, 2023: An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions...
CVE-2023-4473, Critical, Unreviewed, published Nov 30, 2023: A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21...
CVE-2023-4474, Critical, Unreviewed, published Nov 30, 2023: The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware...
CVE-2023-35138, Critical, Unreviewed, published Nov 30, 2023: A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel...
CVE-2023-23325, Critical, Unreviewed, published Nov 29, 2023: Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection...
CVE-2023-6201, Critical, Unreviewed, published Nov 28, 2023: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
CVE-2023-3368, Critical, Unreviewed, published Nov 28, 2023: Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20...
CVE-2023-4149, Critical, Unreviewed, published Nov 21, 2023: A vulnerability in the web-based management allows an unauthenticated remote attacker to inject...
CVE-2023-35762, Critical, Unreviewed, published Nov 20, 2023: Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command...
CVE-2023-6019, Critical, published for ray (pip) on Nov 16, 2023: Ray OS Command Injection vulnerability
CVE-2023-6018, Critical, published for mlflow (pip) on Nov 16, 2023: Remote Code Execution due to Full Controlled File Write in mlflow
CVE-2023-36553, Critical, Unreviewed, published Nov 14, 2023: An improper neutralization of special elements used in an OS command ('OS command injection') in...
CVE-2023-23368, Critical, Unreviewed, published Nov 3, 2023: An OS command injection vulnerability has been reported to affect several QNAP operating system...