Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,126
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,008 advisories

Loading
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... High Unreviewed
CVE-2024-45887 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... High Unreviewed
CVE-2024-45885 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... High Unreviewed
CVE-2024-45884 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs... High Unreviewed
CVE-2024-45888 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs... High Unreviewed
CVE-2024-45882 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51246 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51253 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51249 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51247 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51252 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51248 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51244 was published Nov 1, 2024
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51245 was published Nov 1, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell... High Unreviewed
CVE-2024-36060 was published Oct 30, 2024
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48825 was published Oct 28, 2024
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48826 was published Oct 28, 2024
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an... High Unreviewed
CVE-2024-48074 was published Oct 28, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API High
CVE-2024-47821 was published for pyload-ng (pip) Oct 28, 2024
anuraagbaishya
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE)... High Unreviewed
CVE-2024-37845 was published Oct 25, 2024
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda... High Unreviewed
CVE-2024-48459 was published Oct 25, 2024
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command... High Unreviewed
CVE-2024-45242 was published Oct 24, 2024
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
Administrative Management System from Wellchoose has an OS Command Injection vulnerability,... High Unreviewed
CVE-2024-10202 was published Oct 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database