Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,381 advisories

Loading
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical.... Moderate Unreviewed
CVE-2024-11046 was published Nov 10, 2024
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the... High Unreviewed
CVE-2024-35517 was published Oct 12, 2024
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an... High Unreviewed
CVE-2024-35522 was published Oct 12, 2024
An attacker with local access the to medical office computer can escalate his Windows user... High Unreviewed
CVE-2024-50591 was published Nov 8, 2024
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution... High Unreviewed
CVE-2023-21413 was published Oct 16, 2023
A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu... Moderate Unreviewed
CVE-2024-10966 was published Nov 7, 2024
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless... Critical Unreviewed
CVE-2024-20418 was published Nov 6, 2024
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Critical Unreviewed
CVE-2024-51115 was published Nov 6, 2024
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-48746 was published Nov 6, 2024
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command... High Unreviewed
CVE-2024-47461 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42509 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-47460 was published Nov 6, 2024
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware... High Unreviewed
CVE-2024-9579 was published Nov 5, 2024
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were... High Unreviewed
CVE-2024-52022 was published Nov 5, 2024
Splinefont in FontForge through 20230101 allows command injection via crafted archives or... Moderate Unreviewed
CVE-2024-25082 was published Feb 26, 2024
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by... Moderate Unreviewed
CVE-2024-10697 was published Nov 2, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This... Moderate Unreviewed
CVE-2024-9793 was published Oct 10, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51255 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51259 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51260 was published Oct 31, 2024
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that... High Unreviewed
CVE-2024-48214 was published Oct 30, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51254 was published Oct 31, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51299 was published Oct 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database