Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command... Critical Unreviewed
CVE-2022-37056 was published Aug 29, 2022
D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing... Critical Unreviewed
CVE-2019-10891 was published May 24, 2022
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to... Critical Unreviewed
CVE-2022-37057 was published Aug 29, 2022
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main... Critical Unreviewed
CVE-2024-33112 was published May 6, 2024
Moxa’s cellular routers, secure routers, and network security appliances are affected by a... Critical Unreviewed
CVE-2024-9140 was published Jan 3, 2025
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible... Critical Unreviewed
CVE-2024-1297 was published Feb 20, 2024
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2024-12828 was published Dec 30, 2024
Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS... Critical Unreviewed
CVE-2024-47919 was published Dec 30, 2024
GoCast OS Command Injection vulnerability Critical
CVE-2024-28892 was published for github.com/mayuresh82/gocast (Go) Dec 20, 2024
Malayke
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache... Critical Unreviewed
CVE-2024-4577 was published Jun 9, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell... Critical Unreviewed
CVE-2018-14933 was published May 13, 2022
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set... Critical Unreviewed
CVE-2024-31668 was published Dec 18, 2024
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially... Critical Unreviewed
CVE-2024-29224 was published Dec 18, 2024
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used... Critical Unreviewed
CVE-2024-52723 was published Nov 22, 2024
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb... Critical Unreviewed
CVE-2024-51378 was published Oct 30, 2024
The affected product is vulnerable to a command injection. An unauthenticated attacker could send... Critical Unreviewed
CVE-2024-52320 was published Dec 6, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated... Critical Unreviewed
CVE-2024-49803 was published Nov 29, 2024
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and... Critical Unreviewed
CVE-2024-11482 was published Nov 29, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-50370 was published Nov 26, 2024
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following... Critical Unreviewed
CVE-2024-50375 was published Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-50371 was published Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-50372 was published Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-50374 was published Nov 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database