Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

984 advisories

Loading
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2023-26822 was published Apr 2, 2023
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9... Critical Unreviewed
CVE-2023-1708 was published Apr 5, 2023
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed
CVE-2020-25506 was published May 24, 2022
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary... Critical Unreviewed
CVE-2018-19949 was published May 24, 2022
A command injection vulnerability in the web server of some Hikvision product. Due to the... Critical Unreviewed
CVE-2021-36260 was published May 24, 2022
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string Critical
CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024
SteakEnthusiast mkhorton
Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x,... Critical Unreviewed
CVE-2023-5878 was published Feb 6, 2025
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed
CVE-2021-27561 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed
CVE-2021-35394 was published May 24, 2022
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
The specific component in Celk Saude 3.1.252.1 that processes user input and returns error... Critical Unreviewed
CVE-2024-48761 was published Jan 30, 2025
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a... Critical Unreviewed
CVE-2024-0740 was published Apr 26, 2024
EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command... Critical Unreviewed
CVE-2024-55062 was published Feb 1, 2025
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed
CVE-2021-45382 was published Feb 18, 2022
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2022-29303 was published May 13, 2022
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as... Critical Unreviewed
CVE-2025-0798 was published Jan 29, 2025
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl... Critical Unreviewed
CVE-2024-57590 was published Jan 27, 2025
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5)... Critical Unreviewed
CVE-2016-1555 was published May 14, 2022
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed
CVE-2023-24540 was published May 11, 2023
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2024-57583 was published Jan 16, 2025
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. Critical Unreviewed
CVE-2024-54794 was published Jan 21, 2025
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of... Critical Unreviewed
CVE-2024-37186 was published Jan 14, 2025
An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink... Critical Unreviewed
CVE-2024-39360 was published Jan 14, 2025
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun()... Critical Unreviewed
CVE-2024-39367 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database