GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
817 advisories
Filter by severity
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build...
Critical
Unreviewed
CVE-2024-25255
was published
Nov 12, 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an...
Critical
Unreviewed
CVE-2024-55956
was published
Dec 13, 2024
There is a command injection vulnerability in Huawei terminal printer product. Successful...
Critical
Unreviewed
CVE-2022-32203
was published
Dec 20, 2024
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support...
Critical
Unreviewed
CVE-2024-12356
was published
Dec 17, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11634
was published
Dec 10, 2024
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote...
Critical
Unreviewed
CVE-2024-11772
was published
Dec 10, 2024
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP...
Critical
Unreviewed
CVE-2024-55547
was published
Dec 10, 2024
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb...
Critical
Unreviewed
CVE-2024-51378
was published
Oct 30, 2024
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If...
Critical
Unreviewed
CVE-2024-50388
was published
Dec 6, 2024
Multiple OS Command Injection vulnerabilities affecting Kasda KW6512 router software version...
Critical
Unreviewed
CVE-2024-29292
was published
Nov 20, 2024
An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690...
Critical
Unreviewed
CVE-2024-37782
was published
Nov 22, 2024
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker...
Critical
Unreviewed
CVE-2024-33439
was published
Nov 20, 2024
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME...
Critical
Unreviewed
CVE-2024-28729
was published
Nov 13, 2024
An OS command injection vulnerability has been reported to affect several product versions. If...
Critical
Unreviewed
CVE-2024-48860
was published
Nov 22, 2024
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function...
Critical
Unreviewed
CVE-2024-51151
was published
Nov 22, 2024
Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-10443
was published
Nov 15, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39226
was published
Aug 6, 2024
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless...
Critical
Unreviewed
CVE-2024-20418
was published
Nov 6, 2024
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute...
Critical
Unreviewed
CVE-2024-48746
was published
Nov 6, 2024
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.
Critical
Unreviewed
CVE-2024-51115
was published
Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-47460
was published
Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-42509
was published
Nov 6, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51255
was published
Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51259
was published
Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51260
was published
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API