Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

979 advisories

Loading
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to... Critical Unreviewed
CVE-2024-48904 was published Oct 22, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an... Critical Unreviewed
CVE-2024-35285 was published Oct 21, 2024
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,... Critical Unreviewed
CVE-2024-40089 was published Oct 21, 2024
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2024-48659 was published Oct 21, 2024
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed
CVE-2024-10131 was published Oct 19, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-48153 was published Oct 14, 2024
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0).... Critical Unreviewed
CVE-2024-47562 was published Oct 8, 2024
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)... Critical Unreviewed
CVE-2024-20432 was published Oct 2, 2024
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an... Critical Unreviewed
CVE-2024-46256 was published Sep 27, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a... Critical Unreviewed
CVE-2024-45066 was published Sep 25, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a... Critical Unreviewed
CVE-2024-43693 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42505 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42506 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42507 was published Sep 25, 2024
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute... Critical Unreviewed
CVE-2024-0005 was published Sep 23, 2024
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The... Critical Unreviewed
CVE-2024-45824 was published Sep 12, 2024
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed
CVE-2024-44466 was published Sep 11, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed
CVE-2024-44410 was published Sep 9, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Critical Unreviewed
CVE-2024-44402 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the... Critical Unreviewed
CVE-2024-44401 was published Sep 6, 2024
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution... Critical Unreviewed
CVE-2024-42905 was published Aug 28, 2024
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application... Critical Unreviewed
CVE-2024-8073 was published Aug 26, 2024
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows... Critical Unreviewed
CVE-2024-42947 was published Aug 15, 2024
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database