GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,897 advisories
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection...
Moderate | Unreviewed | CVE-2024-32118 was published Nov 12, 2024

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802...
High | Unreviewed | CVE-2024-41992 was published Nov 11, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical | Unreviewed | CVE-2024-11006 was published Nov 12, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical | Unreviewed | CVE-2024-11005 was published Nov 12, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure...
Critical | Unreviewed | CVE-2024-11007 was published Nov 12, 2024

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an...
Critical | Unreviewed | CVE-2024-36061 was published Nov 11, 2024

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Critical | Unreviewed | CVE-2024-46890 was published Nov 12, 2024

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
High | Unreviewed | CVE-2024-45827 was published Nov 12, 2024

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48...
Moderate | Unreviewed | CVE-2024-8881 was published Nov 12, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2024-11065 was published Nov 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2024-11066 was published Nov 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2024-11063 was published Nov 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2024-11062 was published Nov 11, 2024

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers...
High | Unreviewed | CVE-2024-11064 was published Nov 11, 2024

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an...
High | Unreviewed | CVE-2024-48074 was published Oct 28, 2024

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It...
Critical | Unreviewed | CVE-2024-10915 was published Nov 6, 2024

A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by...
Moderate | Unreviewed | CVE-2024-10919 was published Nov 6, 2024

The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2)...
Critical | Unreviewed | CVE-2020-8007 was published Nov 8, 2024

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of...
Critical | Unreviewed | CVE-2024-45763 was published Nov 8, 2024

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of...
Critical | Unreviewed | CVE-2024-45765 was published Nov 8, 2024

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a...
Moderate | Unreviewed | CVE-2023-5677 was published Feb 5, 2024

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi”...
High | Unreviewed | CVE-2023-21410 was published Aug 3, 2023

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution...
High | Unreviewed | CVE-2023-21413 was published Oct 16, 2023

User provided input is not sanitized in the “Settings > Access Control” configuration interface...
High | Unreviewed | CVE-2023-21411 was published Aug 3, 2023

An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector...
Moderate | Unreviewed | CVE-2024-48954 was published Nov 7, 2024
ProTip! Advisories are also available from the GraphQL API