Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

738 advisories

Loading
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0.... Critical Unreviewed
CVE-2023-38865 was published Aug 15, 2023
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2023-38862 was published Aug 15, 2023
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-38861 was published Aug 15, 2023
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname... Critical Unreviewed
CVE-2023-38863 was published Aug 15, 2023
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before... Critical Unreviewed
CVE-2023-39008 was published Aug 9, 2023
A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows... Critical Unreviewed
CVE-2023-39001 was published Aug 9, 2023
There is a command injection problem in the old version of the mobile phone backup app. Critical Unreviewed
CVE-2023-26310 was published Aug 9, 2023
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2023-38928 was published Aug 7, 2023
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-38941 was published Aug 4, 2023
A vulnerability has been discovered in Xiaomi routers that could allow command injection through... Critical Unreviewed
CVE-2023-26317 was published Aug 2, 2023
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18... Critical Unreviewed
CVE-2023-34960 was published Aug 1, 2023
Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. Critical Unreviewed
CVE-2023-37214 was published Jul 30, 2023
WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2023-37794 was published Jul 15, 2023
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used... Critical Unreviewed
CVE-2023-38336 was published Jul 15, 2023
ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated... Critical Unreviewed
CVE-2023-37567 was published Jul 13, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37148 was published Jul 7, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37149 was published Jul 7, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37146 was published Jul 7, 2023
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac... Critical Unreviewed
CVE-2023-37144 was published Jul 7, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37145 was published Jul 7, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway ... Critical Unreviewed
CVE-2023-2868 was published Jul 6, 2023
There is a command injection vulnerability using environment variables in Bitbucket Server and... Critical Unreviewed
CVE-2022-43781 was published Jul 6, 2023
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on... Critical Unreviewed
CVE-2023-28365 was published Jul 1, 2023
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman... Critical Unreviewed
CVE-2023-34849 was published Jun 29, 2023
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1... Critical Unreviewed
CVE-2023-31746 was published Jun 14, 2023
ProTip! Advisories are also available from the GraphQL API