GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
2,884 advisories
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker...
Severity: Moderate | Unreviewed | CVE-2024-20399 was published Jul 1, 2024

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could...
Severity: High | Unreviewed | CVE-2023-3454 was published Apr 4, 2024

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows...
Severity: High | Unreviewed | CVE-2019-17621 was published May 24, 2022

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request...
Severity: High | Unreviewed | CVE-2024-4748 was published Jun 24, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an...
Severity: High | Unreviewed | CVE-2024-37140 was published Jun 26, 2024

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Severity: Critical | Unreviewed | CVE-2024-5181 was published Jun 26, 2024

Rejected reason: CVE number will be reassigned.
Severity: Unknown | Unreviewed | CVE-2023-5037 was published Nov 13, 2023

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Severity: Critical | Unreviewed | CVE-2024-4577 was published Jun 9, 2024

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This...
Severity: Moderate | Unreviewed | CVE-2024-6187 was published Jun 20, 2024

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects...
Severity: Moderate | Unreviewed | CVE-2024-6186 was published Jun 20, 2024

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this...
Severity: Moderate | Unreviewed | CVE-2024-6184 was published Jun 20, 2024

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected...
Severity: Moderate | Unreviewed | CVE-2024-6185 was published Jun 20, 2024

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email...
Severity: Critical | Unreviewed | CVE-2024-6048 was published Jun 17, 2024

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality....
Severity: Critical | Unreviewed | CVE-2024-6047 was published Jun 17, 2024

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in...
Severity: Critical | Unreviewed | CVE-2024-6046 was published Jun 17, 2024

The specific function parameter of ASUS Download Master does not properly filter user input. An...
Severity: High | Unreviewed | CVE-2024-31162 was published Jun 14, 2024

Remote Command program allows an attacker to get Remote Code Execution. As for the affected...
Severity: Critical | Unreviewed | CVE-2024-27172 was published Jun 14, 2024

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2...
Severity: High | Unreviewed | CVE-2024-4696 was published Jun 13, 2024

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0),...
Severity: High | Unreviewed | CVE-2023-49691 was published Dec 12, 2023

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and...
Severity: High | Unreviewed | CVE-2023-49897 was published Dec 6, 2023

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver...
Severity: Unknown | Unreviewed | CVE-2024-5421 was published Jun 4, 2024

System command injection through Netflow function due to improper input validation, allowing...
Severity: Unknown | Unreviewed | CVE-2024-35304 was published Jun 10, 2024

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by...
Severity: Unknown | Unreviewed | CVE-2024-35306 was published Jun 10, 2024

Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us...
Severity: High | Unreviewed | CVE-2024-5785 was published Jun 10, 2024

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the...
Severity: High | Unreviewed | CVE-2024-1880 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API.