Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

328 advisories

Loading
Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution... Moderate Unreviewed
CVE-2024-8360 was published Nov 23, 2024
Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability.... Moderate Unreviewed
CVE-2024-8359 was published Nov 23, 2024
Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability.... Moderate Unreviewed
CVE-2024-8358 was published Nov 23, 2024
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This... Moderate Unreviewed
CVE-2024-6247 was published Nov 22, 2024
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS... Moderate Unreviewed
CVE-2024-9474 was published Nov 18, 2024
A vulnerability in the web-based management interface and in the API subsystem of Cisco&nbsp... Moderate Unreviewed
CVE-2022-20652 was published Nov 15, 2024
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web... Moderate Unreviewed
CVE-2022-20871 was published Nov 15, 2024
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection... Moderate Unreviewed
CVE-2024-32118 was published Nov 12, 2024
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48... Moderate Unreviewed
CVE-2024-8881 was published Nov 12, 2024
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by... Moderate Unreviewed
CVE-2024-10919 was published Nov 6, 2024
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a... Moderate Unreviewed
CVE-2023-5677 was published Feb 5, 2024
An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector... Moderate Unreviewed
CVE-2024-48954 was published Nov 7, 2024
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This... Moderate Unreviewed
CVE-2024-9793 was published Oct 10, 2024
A local user with administrative access rights can enter specialy crafted values for settings at... Moderate Unreviewed
CVE-2024-8934 was published Oct 31, 2024
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC)... Moderate Unreviewed
CVE-2024-20275 was published Oct 23, 2024
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This... Moderate Unreviewed
CVE-2005-10003 was published Oct 17, 2024
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could... Moderate Unreviewed
CVE-2024-20461 was published Oct 16, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series... Moderate Unreviewed
CVE-2024-20459 was published Oct 16, 2024
The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The... Moderate Unreviewed
CVE-2024-22033 was published Oct 16, 2024
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1... Moderate Unreviewed
CVE-2024-9977 was published Oct 15, 2024
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected... Moderate Unreviewed
CVE-2024-9916 was published Oct 13, 2024
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and... Moderate Unreviewed
CVE-2023-49695 was published Dec 12, 2023
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This... Moderate Unreviewed
CVE-2023-26315 was published Aug 26, 2024
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability... Moderate Unreviewed
CVE-2024-41585 was published Oct 3, 2024
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or... Moderate Unreviewed
CVE-2020-21583 was published Aug 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database