GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,128 advisories

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High | Unreviewed | CVE-2024-9054 was published Oct 4, 2024

OS Command Injection in Plexus-utils
Critical | CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2...
High | Unreviewed | CVE-2024-9380 was published Oct 8, 2024

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical | Unreviewed | CVE-2024-45519 was published Oct 3, 2024

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the...
High | Unreviewed | CVE-2024-46316 was published Oct 9, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated...
Critical | Unreviewed | CVE-2024-9464 was published Oct 9, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated...
Critical | Unreviewed | CVE-2024-9463 was published Oct 9, 2024

On Windows platforms, a "best fit" character encoding conversion of command line arguments to...
High | Unreviewed | CVE-2024-45720 was published Oct 9, 2024

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and...
Moderate | Unreviewed | CVE-2023-49695 was published Dec 12, 2023

A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The...
High | Unreviewed | CVE-2024-45880 was published Oct 8, 2024

ggit is vulnerable to Command Injection via the fetchTags(branch) API
Moderate | CVE-2024-21532 was published for ggit (npm) Oct 8, 2024

A vulnerability has been discovered in Xiaomi routers that could allow command injection through...
Critical | Unreviewed | CVE-2023-26317 was published Aug 2, 2023

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
High | Unreviewed | CVE-2023-26319 was published Oct 11, 2023

The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This...
Moderate | Unreviewed | CVE-2023-26315 was published Aug 26, 2024

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command...
High | Unreviewed | CVE-2024-46658 was published Oct 3, 2024

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via...
High | Unreviewed | CVE-2024-46486 was published Oct 4, 2024

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability...
Moderate | Unreviewed | CVE-2024-41585 was published Oct 3, 2024

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions...
Critical | Unreviewed | CVE-2021-42796 was published Dec 16, 2023

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or...
Moderate | Unreviewed | CVE-2020-21583 was published Aug 22, 2023

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical | Unreviewed | CVE-2024-45251 was published Oct 6, 2024

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical | Unreviewed | CVE-2024-45252 was published Oct 6, 2024

@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High | GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...
High | Unreviewed | CVE-2024-8686 was published Sep 11, 2024

ProTip! Advisories are also available from the GraphQL API