GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,832 advisories
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved...
High, Unreviewed: CVE-2024-39524 was published Jul 11, 2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved...
High, Unreviewed: CVE-2024-39520 was published Jul 11, 2024
Insecure handling of POST header parameter body included in requests being sent to an instance of...
High, Unreviewed: CVE-2024-3799 was published Jul 10, 2024
A remote attacker with high privileges may use a writing file function to inject OS commands.
High, Unreviewed: CVE-2024-28749 was published Jul 9, 2024
A remote attacker with high privileges may use a deleting file function to inject OS commands.
High, Unreviewed: CVE-2024-28750 was published Jul 9, 2024
A remote attacker with high privileges may use a reading file function to inject OS commands.
High, Unreviewed: CVE-2024-28748 was published Jul 9, 2024
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE)...
High, Unreviewed: CVE-2024-39202 was published Jul 8, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek...
High, Unreviewed: CVE-2023-50382 was published Jul 8, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek...
High, Unreviewed: CVE-2023-50383 was published Jul 8, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek...
High, Unreviewed: CVE-2023-50381 was published Jul 8, 2024
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command...
High, Unreviewed: CVE-2024-39935 was published Jul 4, 2024
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of...
High, Unreviewed: CVE-2024-32937 was published Jul 3, 2024
A high privileged remote attacker can execute arbitrary system commands via GET requests due to...
High, Unreviewed: CVE-2024-5672 was published Jul 3, 2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an...
High, Unreviewed: CVE-2024-37140 was published Jun 26, 2024
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request...
High, Unreviewed: CVE-2024-4748 was published Jun 24, 2024
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote...
High, Unreviewed: CVE-2024-37626 was published Jun 20, 2024
The specific function parameter of ASUS Download Master does not properly filter user input. An...
High, Unreviewed: CVE-2024-31162 was published Jun 14, 2024
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2...
High, Unreviewed: CVE-2024-4696 was published Jun 13, 2024
Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us...
High, Unreviewed: CVE-2024-5785 was published Jun 10, 2024
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the...
High, Unreviewed: CVE-2024-1880 was published Jun 6, 2024
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization...
High, Unreviewed: CVE-2024-1881 was published Jun 6, 2024
A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This...
High, Unreviewed: CVE-2024-30368 was published Jun 6, 2024
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability....
High, Unreviewed: CVE-2024-0401 was published May 20, 2024
Passbolt Api Remote code execution
High: GHSA-cv5c-2qv5-w2m2 was published for passbolt/passbolt_api (Composer) May 20, 2024
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could...
High, Unreviewed: CVE-2024-20326 was published May 16, 2024
ProTip! Advisories are also available from the GraphQL API.