Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,992 advisories

Loading
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2... High Unreviewed
CVE-2024-9380 was published Oct 8, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS... Critical Unreviewed
CVE-2024-3400 was published Apr 12, 2024
A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS... High Unreviewed
CVE-2024-3273 was published Apr 4, 2024
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection... High Unreviewed
CVE-2023-39780 was published Sep 11, 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with... Critical Unreviewed
CVE-2023-20887 was published Jun 7, 2023
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a... High Unreviewed
CVE-2023-33538 was published Jun 7, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway ... Critical Unreviewed
CVE-2023-2868 was published Jul 6, 2023
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016,... High Unreviewed
CVE-2023-20118 was published Apr 13, 2023
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0... Moderate Unreviewed
CVE-2022-40765 was published Nov 22, 2022
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2022-29303 was published May 13, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject... High Unreviewed
CVE-2022-27924 was published Apr 22, 2022
A command injection vulnerability in the web server of some Hikvision product. Due to the... Critical Unreviewed
CVE-2021-36260 was published May 24, 2022
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed
CVE-2021-27561 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management... Critical Unreviewed
CVE-2021-35395 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed
CVE-2021-35394 was published May 24, 2022
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote... High Unreviewed
CVE-2021-22899 was published May 24, 2022
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb... Critical Unreviewed
CVE-2024-51378 was published Oct 30, 2024
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support... Critical Unreviewed
CVE-2024-12356 was published Dec 17, 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an... Critical Unreviewed
CVE-2024-55956 was published Dec 13, 2024
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow... Critical Unreviewed
CVE-2021-1498 was published May 24, 2022
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited,... Critical Unreviewed
CVE-2020-2509 was published May 24, 2022
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed
CVE-2020-25506 was published May 24, 2022
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary... Critical Unreviewed
CVE-2018-19949 was published May 24, 2022
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and... Critical Unreviewed
CVE-2024-21887 was published Jan 12, 2024
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance... Critical Unreviewed
CVE-2023-1671 was published Apr 4, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database