Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

800 advisories

Loading
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless... Critical Unreviewed
CVE-2024-20418 was published Nov 6, 2024
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-48746 was published Nov 6, 2024
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Critical Unreviewed
CVE-2024-51115 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42509 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-47460 was published Nov 6, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51255 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51259 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51260 was published Oct 31, 2024
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1... Critical Unreviewed
CVE-2024-48145 was published Oct 24, 2024
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything... Critical Unreviewed
CVE-2024-48144 was published Oct 24, 2024
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection... Critical Unreviewed
CVE-2023-34215 was published Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and... Critical Unreviewed
CVE-2023-33239 was published Aug 17, 2023
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability... Critical Unreviewed
CVE-2023-34213 was published Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and... Critical Unreviewed
CVE-2023-33238 was published Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and... Critical Unreviewed
CVE-2023-34214 was published Aug 17, 2023
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an... Critical Unreviewed
CVE-2024-46256 was published Sep 27, 2024
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2024-48659 was published Oct 21, 2024
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to... Critical Unreviewed
CVE-2024-48904 was published Oct 22, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an... Critical Unreviewed
CVE-2024-35285 was published Oct 21, 2024
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,... Critical Unreviewed
CVE-2024-40089 was published Oct 21, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-37091 was published Jun 24, 2024
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed
CVE-2024-10131 was published Oct 19, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-48153 was published Oct 14, 2024
The Danfoss AK-EM100 web applications allow for OS command injection through the web application... Critical Unreviewed
CVE-2023-25911 was published Jun 11, 2023
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command... Critical Unreviewed
CVE-2023-38027 was published Aug 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database