Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,934
Maven
5,000+
npm
3,668
NuGet
642
pip
3,287
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,128 advisories

Loading
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),... High Unreviewed
CVE-2024-9054 was published Oct 4, 2024
OS Command Injection in Plexus-utils Critical
CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2... High Unreviewed
CVE-2024-9380 was published Oct 8, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the... High Unreviewed
CVE-2024-46316 was published Oct 9, 2024
Pillow command injection Critical
CVE-2014-3007 was published for pillow (pip) May 17, 2022
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated... Critical Unreviewed
CVE-2024-9464 was published Oct 9, 2024
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated... Critical Unreviewed
CVE-2024-9463 was published Oct 9, 2024
On Windows platforms, a "best fit" character encoding conversion of command line arguments to... High Unreviewed
CVE-2024-45720 was published Oct 9, 2024
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and... Moderate Unreviewed
CVE-2023-49695 was published Dec 12, 2023
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The... High Unreviewed
CVE-2024-45880 was published Oct 8, 2024
ggit is vulnerable to Command Injection via the fetchTags(branch) API Moderate
CVE-2024-21532 was published for ggit (npm) Oct 8, 2024
A vulnerability has been discovered in Xiaomi routers that could allow command injection through... Critical Unreviewed
CVE-2023-26317 was published Aug 2, 2023
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... High Unreviewed
CVE-2023-26319 was published Oct 11, 2023
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This... Moderate Unreviewed
CVE-2023-26315 was published Aug 26, 2024
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command... High Unreviewed
CVE-2024-46658 was published Oct 3, 2024
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via... High Unreviewed
CVE-2024-46486 was published Oct 4, 2024
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability... Moderate Unreviewed
CVE-2024-41585 was published Oct 3, 2024
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions... Critical Unreviewed
CVE-2021-42796 was published Dec 16, 2023
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or... Moderate Unreviewed
CVE-2020-21583 was published Aug 22, 2023
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-45251 was published Oct 6, 2024
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-45252 was published Oct 6, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source High
GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024
dellalibera
Code injection in nbgitpuller High
CVE-2021-39160 was published for nbgitpuller (pip) Aug 30, 2021
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated... High Unreviewed
CVE-2024-8686 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database