GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,763 advisories
Certain models of D-Link wireless routers do not properly validate user input in the telnet...
High | Unreviewed | CVE-2024-45698 was published Sep 16, 2024

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow...
High | Unreviewed | CVE-2023-34116 was published Jul 11, 2023

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This...
Moderate | Unreviewed | CVE-2024-9001 was published Sep 19, 2024

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected...
Moderate | Unreviewed | CVE-2024-9004 was published Sep 19, 2024

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This...
Critical | Unreviewed | CVE-2024-7591 was published Sep 5, 2024

OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA...
High | Unreviewed | CVE-2024-43778 was published Sep 18, 2024

Authenticated command injection vulnerability exists in the ArubaOS command line interface....
High | Unreviewed | CVE-2024-42502 was published Sep 17, 2024

Authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI)....
High | Unreviewed | CVE-2024-42503 was published Sep 17, 2024

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue....
High | Unreviewed | CVE-2024-8957 was published Sep 17, 2024

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x...
Critical | Unreviewed | CVE-2022-30311 was published Jun 14, 2022

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
Critical | Unreviewed | CVE-2022-30309 was published Jun 14, 2022

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the...
Low | Unreviewed | CVE-2024-8869 was published Sep 16, 2024

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC...
High | Unreviewed | CVE-2024-8280 was published Sep 13, 2024

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC...
High | Unreviewed | CVE-2024-8281 was published Sep 13, 2024

A privilege escalation vulnerability was discovered in XCC that could allow a valid,...
High | Unreviewed | CVE-2024-8279 was published Sep 13, 2024

A privilege escalation vulnerability was discovered in XCC that could allow a valid,...
High | Unreviewed | CVE-2024-8278 was published Sep 13, 2024

The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8...
Moderate | Unreviewed | CVE-2023-46306 was published Oct 22, 2023

An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to...
Critical | Unreviewed | CVE-2023-46510 was published Oct 27, 2023

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell...
High | Unreviewed | CVE-2024-8504 was published Sep 10, 2024

Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical | Unreviewed | CVE-2022-27005 was published Mar 17, 2022

Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical | Unreviewed | CVE-2022-27003 was published Mar 17, 2022

Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical | Unreviewed | CVE-2022-27004 was published Mar 17, 2022

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/...
Critical | Unreviewed | CVE-2018-17558 was published Oct 27, 2023

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection...
High | Unreviewed | CVE-2024-44844 was published Sep 6, 2024

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...
High | Unreviewed | CVE-2024-8686 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API.