GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
756 advisories
Filter by severity
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of...
Critical
Unreviewed
CVE-2024-6342
was published
Sep 10, 2024
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This...
Critical
Unreviewed
CVE-2024-7591
was published
Sep 5, 2024
The improper neutralization of special elements in the parameter "host" in the CGI program of...
Critical
Unreviewed
CVE-2024-7261
was published
Sep 3, 2024
Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to...
Critical
Unreviewed
CVE-2024-42757
was published
Aug 15, 2024
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows...
Critical
Unreviewed
CVE-2024-23789
was published
Aug 14, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical
Unreviewed
CVE-2024-6917
was published
Aug 12, 2024
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does...
Critical
Unreviewed
CVE-2024-42166
was published
Aug 12, 2024
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4...
Critical
Unreviewed
CVE-2024-42167
was published
Aug 12, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-21878
was published
Aug 12, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39228
was published
Aug 6, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
Critical
Unreviewed
CVE-2024-38889
was published
Aug 2, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
Critical
Unreviewed
CVE-2024-38887
was published
Aug 2, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
Critical
Unreviewed
CVE-2024-38882
was published
Aug 2, 2024
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not...
Critical
Unreviewed
CVE-2024-5670
was published
Jul 29, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2024-41468
was published
Jul 26, 2024
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a...
Critical
Unreviewed
CVE-2024-36491
was published
Jul 17, 2024
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface...
Critical
Unreviewed
CVE-2019-16639
was published
Jul 16, 2024
An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Critical
Unreviewed
CVE-2024-28751
was published
Jul 9, 2024
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical
Unreviewed
CVE-2024-5181
was published
Jun 26, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-37091
was published
Jun 24, 2024
Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email...
Critical
Unreviewed
CVE-2024-6048
was published
Jun 17, 2024
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality....
Critical
Unreviewed
CVE-2024-6047
was published
Jun 17, 2024
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in...
Critical
Unreviewed
CVE-2024-6046
was published
Jun 17, 2024
Remote Command program allows an attacker to get Remote Code Execution. As for the affected...
Critical
Unreviewed
CVE-2024-27172
was published
Jun 14, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Critical
Unreviewed
CVE-2024-4577
was published
Jun 9, 2024
ProTip!
Advisories are also available from the
GraphQL API