GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,934
Maven
5,000+
npm
3,668
NuGet
642
pip
3,287
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,128 advisories
Filter by severity
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated...
Critical
Unreviewed
CVE-2024-9464
was published
Oct 9, 2024
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated...
Critical
Unreviewed
CVE-2024-9463
was published
Oct 9, 2024
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the...
High
Unreviewed
CVE-2024-46316
was published
Oct 9, 2024
On Windows platforms, a "best fit" character encoding conversion of command line arguments to...
High
Unreviewed
CVE-2024-45720
was published
Oct 9, 2024
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2...
High
Unreviewed
CVE-2024-9380
was published
Oct 8, 2024
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The...
High
Unreviewed
CVE-2024-45880
was published
Oct 8, 2024
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Moderate
CVE-2024-21532
was published
for
ggit
(npm)
Oct 8, 2024
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-45252
was published
Oct 6, 2024
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-45251
was published
Oct 6, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High
Unreviewed
CVE-2024-9054
was published
Oct 4, 2024
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via...
High
Unreviewed
CVE-2024-46486
was published
Oct 4, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command...
High
Unreviewed
CVE-2024-46658
was published
Oct 3, 2024
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability...
Moderate
Unreviewed
CVE-2024-41585
was published
Oct 3, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection...
Critical
Unreviewed
CVE-2024-9441
was published
Oct 2, 2024
git-shallow-clone OS Command Injection vulnerability
Moderate
CVE-2024-21531
was published
for
git-shallow-clone
(npm)
Oct 1, 2024
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability....
Moderate
Unreviewed
CVE-2024-23924
was published
Sep 28, 2024
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This...
Moderate
Unreviewed
CVE-2024-23961
was published
Sep 28, 2024
An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary...
High
Unreviewed
CVE-2024-33368
was published
Sep 27, 2024
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE)...
High
Unreviewed
CVE-2024-46628
was published
Sep 26, 2024
The device enables an unauthorized attacker to execute system commands with elevated privileges....
Critical
Unreviewed
CVE-2024-9166
was published
Sep 26, 2024
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the...
High
Unreviewed
CVE-2024-46329
was published
Sep 26, 2024
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the...
High
Unreviewed
CVE-2024-46330
was published
Sep 26, 2024
Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an...
High
Unreviewed
CVE-2024-44678
was published
Sep 25, 2024
ProTip!
Advisories are also available from the
GraphQL API