GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
738 advisories
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0....
Critical, Unreviewed. CVE-2023-38865 was published Aug 15, 2023.

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the...
Critical, Unreviewed. CVE-2023-38862 was published Aug 15, 2023.

An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute...
Critical, Unreviewed. CVE-2023-38861 was published Aug 15, 2023.

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname...
Critical, Unreviewed. CVE-2023-38863 was published Aug 15, 2023.

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before...
Critical, Unreviewed. CVE-2023-39008 was published Aug 9, 2023.

A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows...
Critical, Unreviewed. CVE-2023-39001 was published Aug 9, 2023.

There is a command injection problem in the old version of the mobile phone backup app.
Critical, Unreviewed. CVE-2023-26310 was published Aug 9, 2023.

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed. CVE-2023-38928 was published Aug 7, 2023.

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability...
Critical, Unreviewed. CVE-2023-38941 was published Aug 4, 2023.

A vulnerability has been discovered in Xiaomi routers that could allow command injection through...
Critical, Unreviewed. CVE-2023-26317 was published Aug 2, 2023.

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18...
Critical, Unreviewed. CVE-2023-34960 was published Aug 1, 2023.

Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.
Critical, Unreviewed. CVE-2023-37214 was published Jul 30, 2023.

WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed. CVE-2023-37794 was published Jul 15, 2023.

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used...
Critical, Unreviewed. CVE-2023-38336 was published Jul 15, 2023.

ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated...
Critical, Unreviewed. CVE-2023-37567 was published Jul 13, 2023.

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2023-37148 was published Jul 7, 2023.

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2023-37149 was published Jul 7, 2023.

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2023-37146 was published Jul 7, 2023.

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac...
Critical, Unreviewed. CVE-2023-37144 was published Jul 7, 2023.

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2023-37145 was published Jul 7, 2023.

A remote command injection vulnerability exists in the Barracuda Email Security Gateway ...
Critical, Unreviewed. CVE-2023-2868 was published Jul 6, 2023.

There is a command injection vulnerability using environment variables in Bitbucket Server and...
Critical, Unreviewed. CVE-2022-43781 was published Jul 6, 2023.

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on...
Critical, Unreviewed. CVE-2023-28365 was published Jul 1, 2023.

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman...
Critical, Unreviewed. CVE-2023-34849 was published Jun 29, 2023.

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1...
Critical, Unreviewed. CVE-2023-31746 was published Jun 14, 2023.