Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

738 advisories

Loading
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because... Critical Unreviewed
CVE-2014-5470 was published Jun 22, 2024
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-37642 was published Jun 14, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection... Critical Unreviewed
CVE-2024-32353 was published May 14, 2024
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl... Critical Unreviewed
CVE-2024-33789 was published May 3, 2024
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of... Critical Unreviewed
CVE-2024-33344 was published Apr 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed
CVE-2024-4884 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed
CVE-2024-4883 was published Jun 25, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-37091 was published Jun 24, 2024
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have... Critical Unreviewed
CVE-2022-45063 was published Nov 10, 2022
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn... Critical Unreviewed
CVE-2024-36604 was published Jun 4, 2024
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior... Critical Unreviewed
CVE-2024-5480 was published Jun 6, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-34792 was published Jun 4, 2024
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows... Critical Unreviewed
CVE-2024-4078 was published May 16, 2024
A remote code execution vulnerability exists in the parisneo/lollms-webui application,... Critical Unreviewed
CVE-2024-2366 was published May 16, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS... Critical Unreviewed
CVE-2024-3400 was published Apr 12, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system... Critical Unreviewed
CVE-2024-32766 was published Apr 26, 2024
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in... Critical Unreviewed
CVE-2023-43204 was published Sep 20, 2023
The Danfoss AK-EM100 web applications allow for OS command injection through the web application... Critical Unreviewed
CVE-2023-25911 was published Jun 11, 2023
Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-38942 was published Aug 3, 2023
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass... Critical Unreviewed
CVE-2023-45852 was published Oct 14, 2023
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller... Critical Unreviewed
CVE-2023-39293 was published Aug 14, 2023
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat... Critical Unreviewed
CVE-2023-41724 was published Mar 31, 2024
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2023-46574 was published Oct 25, 2023
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. Critical Unreviewed
CVE-2023-36954 was published Oct 16, 2023
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. Critical Unreviewed
CVE-2023-36953 was published Oct 16, 2023
ProTip! Advisories are also available from the GraphQL API