Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

306 advisories

Loading
Splinefont in FontForge through 20230101 allows command injection via crafted filenames. Moderate Unreviewed
CVE-2024-25081 was published Feb 26, 2024
A vulnerability identified in Advance Authentication that allows bash command Injection in... Moderate Unreviewed
CVE-2021-38120 was published Aug 28, 2024
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via... Moderate Unreviewed
CVE-2023-51835 was published Feb 29, 2024
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId... Moderate Unreviewed
CVE-2024-29435 was published Apr 1, 2024
A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS... Moderate Unreviewed
CVE-2024-8213 was published Aug 27, 2024
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,... Moderate Unreviewed
CVE-2024-8210 was published Aug 27, 2024
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,... Moderate Unreviewed
CVE-2024-8211 was published Aug 27, 2024
A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320,... Moderate Unreviewed
CVE-2024-8214 was published Aug 27, 2024
Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5... Moderate Unreviewed
CVE-2023-22815 was published Jul 1, 2023
An OS command injection vulnerability has been reported to affect several QNAP operating system... Moderate Unreviewed
CVE-2024-21903 was published Sep 6, 2024
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using... Moderate Unreviewed
CVE-2023-31429 was published Aug 1, 2023
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability... Moderate Unreviewed
CVE-2024-45348 was published Sep 23, 2024
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows... Moderate Unreviewed
CVE-2024-4712 was published May 14, 2024
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows... Moderate Unreviewed
CVE-2024-8405 was published Sep 26, 2024
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information... Moderate Unreviewed
CVE-2024-45989 was published Sep 26, 2024
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to... Moderate Unreviewed
CVE-2024-44610 was published Oct 1, 2024
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco... Moderate Unreviewed
CVE-2024-20365 was published Oct 2, 2024
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated,... Moderate Unreviewed
CVE-2024-20492 was published Oct 2, 2024
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This... Moderate Unreviewed
CVE-2023-26315 was published Aug 26, 2024
Mware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX... Moderate Unreviewed
CVE-2024-38817 was published Oct 9, 2024
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated,... Moderate Unreviewed
CVE-2024-39563 was published Oct 11, 2024
Command Injection in pip when used with Mercurial Moderate
CVE-2023-5752 was published for pip (pip) Oct 25, 2023
mwpeterson
In linkturbonative service, there is a possible command injection due to improper input... Moderate Unreviewed
CVE-2024-39437 was published Oct 9, 2024
In linkturbonative service, there is a possible command injection due to improper input... Moderate Unreviewed
CVE-2024-39436 was published Oct 9, 2024
In linkturbonative service, there is a possible command injection due to improper input... Moderate Unreviewed
CVE-2024-39438 was published Oct 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database