Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

905 advisories

Loading
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The... Critical Unreviewed
CVE-2024-45824 was published Sep 12, 2024
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed
CVE-2024-44466 was published Sep 11, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed
CVE-2024-44410 was published Sep 9, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Critical Unreviewed
CVE-2024-44402 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the... Critical Unreviewed
CVE-2024-44401 was published Sep 6, 2024
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution... Critical Unreviewed
CVE-2024-42905 was published Aug 28, 2024
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application... Critical Unreviewed
CVE-2024-8073 was published Aug 26, 2024
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows... Critical Unreviewed
CVE-2024-42947 was published Aug 15, 2024
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays... Critical Unreviewed
CVE-2024-37023 was published Aug 12, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-21878 was published Aug 12, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-28739 was published Aug 6, 2024
Improper filering of special characters result in a command ('command injection') vulnerability... Critical Unreviewed
CVE-2024-7397 was published Aug 5, 2024
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-41319 was published Jul 23, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-41318 was published Jul 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-41316 was published Jul 22, 2024
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the... Critical Unreviewed
CVE-2024-38492 was published Jul 15, 2024
Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code... Critical Unreviewed
CVE-2024-40110 was published Jul 12, 2024
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-39028 was published Jul 5, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed
CVE-2024-4884 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed
CVE-2024-4883 was published Jun 25, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-37091 was published Jun 24, 2024
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because... Critical Unreviewed
CVE-2014-5470 was published Jun 22, 2024
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-37642 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API