GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,205 advisories
Filter by severity
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My...
High
Unreviewed
CVE-2023-22816
was published
Jul 1, 2023
Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5...
Moderate
Unreviewed
CVE-2023-22815
was published
Jul 1, 2023
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html...
Critical
Unreviewed
CVE-2023-47253
was published
Nov 6, 2023
Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-24216
was published
Feb 8, 2024
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into...
Critical
Unreviewed
CVE-2024-29864
was published
Mar 21, 2024
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
High
Unreviewed
CVE-2024-44383
was published
Sep 4, 2024
Commands can be injected over the network and executed without authentication.
High
Unreviewed
CVE-2024-7029
was published
Aug 2, 2024
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows...
Critical
Unreviewed
CVE-2023-52042
was published
Jan 17, 2024
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP...
High
Unreviewed
CVE-2024-44916
was published
Aug 30, 2024
Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04...
Critical
Unreviewed
CVE-2023-24331
was published
Feb 21, 2024
An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain...
High
Unreviewed
CVE-2024-24377
was published
Feb 16, 2024
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the...
Critical
Unreviewed
CVE-2023-49959
was published
Feb 26, 2024
A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320,...
Moderate
Unreviewed
CVE-2024-8214
was published
Aug 27, 2024
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,...
Moderate
Unreviewed
CVE-2024-8211
was published
Aug 27, 2024
A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS...
Moderate
Unreviewed
CVE-2024-8213
was published
Aug 27, 2024
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,...
Moderate
Unreviewed
CVE-2024-8210
was published
Aug 27, 2024
FitNesse allows execution of arbitrary OS commands
Critical
CVE-2024-28125
was published
for
org.fitnesse:fitnesse
(Maven)
Mar 18, 2024
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution...
Critical
Unreviewed
CVE-2024-42905
was published
Aug 28, 2024
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId...
Moderate
Unreviewed
CVE-2024-29435
was published
Apr 1, 2024
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via...
Moderate
Unreviewed
CVE-2023-51835
was published
Feb 29, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE)...
High
Unreviewed
CVE-2024-31811
was published
Apr 8, 2024
A vulnerability identified in Advance Authentication that allows bash command Injection in...
Moderate
Unreviewed
CVE-2021-38120
was published
Aug 28, 2024
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware...
High
Unreviewed
CVE-2024-28353
was published
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API