Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

894 advisories

An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection... Critical Unreviewed
CVE-2023-30400 was published Jun 7, 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with... Critical Unreviewed
CVE-2023-20887 was published Jun 7, 2023
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection... Critical Unreviewed
CVE-2023-33556 was published Jun 7, 2023
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command... Critical Unreviewed
CVE-2023-33625 was published Jun 12, 2023
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command... Critical Unreviewed
CVE-2023-26295 was published Jun 13, 2023
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection... Critical Unreviewed
CVE-2023-27837 was published Jun 13, 2023
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection... Critical Unreviewed
CVE-2023-27836 was published Jun 13, 2023
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1... Critical Unreviewed
CVE-2023-31746 was published Jun 14, 2023
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman... Critical Unreviewed
CVE-2023-34849 was published Jun 29, 2023
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on... Critical Unreviewed
CVE-2023-28365 was published Jul 1, 2023
There is a command injection vulnerability using environment variables in Bitbucket Server and... Critical Unreviewed
CVE-2022-43781 was published Jul 6, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway ... Critical Unreviewed
CVE-2023-2868 was published Jul 6, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37145 was published Jul 7, 2023
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac... Critical Unreviewed
CVE-2023-37144 was published Jul 7, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37146 was published Jul 7, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37149 was published Jul 7, 2023
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2023-37148 was published Jul 7, 2023
ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated... Critical Unreviewed
CVE-2023-37567 was published Jul 13, 2023
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used... Critical Unreviewed
CVE-2023-38336 was published Jul 15, 2023
WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2023-37794 was published Jul 15, 2023
Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. Critical Unreviewed
CVE-2023-37214 was published Jul 30, 2023
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18... Critical Unreviewed
CVE-2023-34960 was published Aug 1, 2023
A vulnerability has been discovered in Xiaomi routers that could allow command injection through... Critical Unreviewed
CVE-2023-26317 was published Aug 2, 2023
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-38941 was published Aug 4, 2023
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2023-38928 was published Aug 7, 2023
ProTip! Advisories are also available from the GraphQL API