GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,332 advisories
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the...
Critical | Unreviewed | CVE-2024-48659 was published Oct 21, 2024

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified...
Moderate | Unreviewed | CVE-2024-10193 was published Oct 20, 2024

The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical | Unreviewed | CVE-2024-10131 was published Oct 19, 2024

Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical | CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable...
High | Unreviewed | CVE-2024-35519 was published Oct 15, 2024

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the...
High | Unreviewed | CVE-2024-35518 was published Oct 15, 2024

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2...
High | Unreviewed | CVE-2024-35520 was published Oct 15, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical | Unreviewed | CVE-2024-48153 was published Oct 14, 2024

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an...
High | Unreviewed | CVE-2024-35522 was published Oct 12, 2024

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the...
High | Unreviewed | CVE-2024-35517 was published Oct 12, 2024

A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This...
High | Unreviewed | CVE-2024-44413 was published Oct 11, 2024

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated,...
Moderate | Unreviewed | CVE-2024-39563 was published Oct 11, 2024

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This...
Moderate | Unreviewed | CVE-2024-9793 was published Oct 10, 2024

VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX...
Moderate | Unreviewed | CVE-2024-38817 was published Oct 9, 2024

In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack...
High | Unreviewed | CVE-2024-7840 was published Oct 9, 2024

In linkturbonative service, there is a possible command injection due to improper input...
Moderate | Unreviewed | CVE-2024-39436 was published Oct 9, 2024

In linkturbonative service, there is a possible command injection due to improper input...
Moderate | Unreviewed | CVE-2024-39437 was published Oct 9, 2024

In linkturbonative service, there is a possible command injection due to improper input...
Moderate | Unreviewed | CVE-2024-39438 was published Oct 9, 2024

Visual Studio Code for Linux Remote Code Execution Vulnerability
High | Unreviewed | CVE-2024-43601 was published Oct 8, 2024

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-43591 was published Oct 8, 2024

DeepSpeed Remote Code Execution Vulnerability
High | CVE-2024-43497 was published for deepspeed (pip) Oct 8, 2024

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2...
High | Unreviewed | CVE-2024-9380 was published Oct 8, 2024

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0)....
Critical | Unreviewed | CVE-2024-47562 was published Oct 8, 2024

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated,...
Moderate | Unreviewed | CVE-2024-20492 was published Oct 2, 2024

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)...
Critical | Unreviewed | CVE-2024-20432 was published Oct 2, 2024