Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,319
Erlang
31
GitHub Actions
21
Go
2,077
Maven
5,000+
npm
3,746
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

975 advisories

Loading
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42509 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-47460 was published Nov 6, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51255 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51259 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51260 was published Oct 31, 2024
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything... Critical Unreviewed
CVE-2024-48144 was published Oct 24, 2024
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1... Critical Unreviewed
CVE-2024-48145 was published Oct 24, 2024
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection... Critical Unreviewed
CVE-2023-34215 was published Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and... Critical Unreviewed
CVE-2023-33239 was published Aug 17, 2023
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability... Critical Unreviewed
CVE-2023-34213 was published Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and... Critical Unreviewed
CVE-2023-33238 was published Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and... Critical Unreviewed
CVE-2023-34214 was published Aug 17, 2023
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an... Critical Unreviewed
CVE-2024-46256 was published Sep 27, 2024
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client Critical
CVE-2021-3148 was published for salt (pip) May 24, 2022
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2024-48659 was published Oct 21, 2024
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to... Critical Unreviewed
CVE-2024-48904 was published Oct 22, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an... Critical Unreviewed
CVE-2024-35285 was published Oct 21, 2024
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,... Critical Unreviewed
CVE-2024-40089 was published Oct 21, 2024
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
pydash Command Injection vulnerability Critical
CVE-2023-26145 was published for pydash (pip) Sep 28, 2023
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-37091 was published Jun 24, 2024
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed
CVE-2024-10131 was published Oct 19, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-48153 was published Oct 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database