Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

868 advisories

Loading
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
A remote code execution vulnerability exists in the parisneo/lollms-webui application,... Critical Unreviewed
CVE-2024-2366 was published May 16, 2024
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows... Critical Unreviewed
CVE-2024-4078 was published May 16, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command Critical
CVE-2024-5023 was published for consoleme (pip) May 16, 2024
jaydhulia scottpacknetflix
patricksanders
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-34792 was published Jun 4, 2024
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior... Critical Unreviewed
CVE-2024-5480 was published Jun 6, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn... Critical Unreviewed
CVE-2024-36604 was published Jun 4, 2024
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have... Critical Unreviewed
CVE-2022-45063 was published Nov 10, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-37091 was published Jun 24, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed
CVE-2024-4883 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed
CVE-2024-4884 was published Jun 25, 2024
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of... Critical Unreviewed
CVE-2024-33344 was published Apr 26, 2024
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl... Critical Unreviewed
CVE-2024-33789 was published May 3, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection... Critical Unreviewed
CVE-2024-32353 was published May 14, 2024
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-37642 was published Jun 14, 2024
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because... Critical Unreviewed
CVE-2014-5470 was published Jun 22, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The... Critical Unreviewed
CVE-2022-32262 was published Jun 15, 2022
ProTip! Advisories are also available from the GraphQL API