GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
943 advisories
Filter by severity
An OS command injection vulnerability has been reported to affect several product versions. If...
Critical
Unreviewed
CVE-2024-48860
was published
Nov 22, 2024
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function...
Critical
Unreviewed
CVE-2024-51151
was published
Nov 22, 2024
Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-10443
was published
Nov 15, 2024
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME...
Critical
Unreviewed
CVE-2024-28729
was published
Nov 13, 2024
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build...
Critical
Unreviewed
CVE-2024-25255
was published
Nov 12, 2024
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless...
Critical
Unreviewed
CVE-2024-20418
was published
Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-47460
was published
Nov 6, 2024
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute...
Critical
Unreviewed
CVE-2024-48746
was published
Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-42509
was published
Nov 6, 2024
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.
Critical
Unreviewed
CVE-2024-51115
was published
Nov 6, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51255
was published
Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51260
was published
Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51259
was published
Oct 31, 2024
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything...
Critical
Unreviewed
CVE-2024-48144
was published
Oct 24, 2024
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1...
Critical
Unreviewed
CVE-2024-48145
was published
Oct 24, 2024
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to...
Critical
Unreviewed
CVE-2024-48904
was published
Oct 22, 2024
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,...
Critical
Unreviewed
CVE-2024-40089
was published
Oct 21, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an...
Critical
Unreviewed
CVE-2024-35285
was published
Oct 21, 2024
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the...
Critical
Unreviewed
CVE-2024-48659
was published
Oct 21, 2024
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical
Unreviewed
CVE-2024-10131
was published
Oct 19, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical
CVE-2024-9264
was published
for
github.com/grafana/grafana
(Go)
Oct 18, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-48153
was published
Oct 14, 2024
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0)....
Critical
Unreviewed
CVE-2024-47562
was published
Oct 8, 2024
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)...
Critical
Unreviewed
CVE-2024-20432
was published
Oct 2, 2024
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an...
Critical
Unreviewed
CVE-2024-46256
was published
Sep 27, 2024
ProTip!
Advisories are also available from the
GraphQL API