GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,002 advisories
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters...
High | Unreviewed | CVE-2023-4797 was published Jan 16, 2024

A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452....
Moderate | Unreviewed | CVE-2024-0579 was published Jan 16, 2024

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High | Unreviewed | CVE-2023-42136 was published Jan 15, 2024

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and...
Critical | Unreviewed | CVE-2024-21887 was published Jan 12, 2024

Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
High | CVE-2024-22198 was published for github.com/0xJacky/Nginx-UI (Go) Jan 11, 2024

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
High | CVE-2024-22197 was published for github.com/0xJacky/Nginx-UI (Go) Jan 11, 2024

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and...
High | Unreviewed | CVE-2023-6634 was published Jan 11, 2024

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)...
Critical | Unreviewed | CVE-2023-52027 was published Jan 11, 2024

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to...
Critical | Unreviewed | CVE-2023-51126 was published Jan 10, 2024

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2023-51972 was published Jan 10, 2024

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl...
Critical | Unreviewed | CVE-2023-31446 was published Jan 10, 2024

Azure Storage Mover Remote Code Execution Vulnerability
High | Unreviewed | CVE-2024-20676 was published Jan 9, 2024

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur...
Critical | Unreviewed | CVE-2023-49237 was published Jan 9, 2024

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as...
Moderate | Unreviewed | CVE-2024-0291 was published Jan 8, 2024

An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the...
High | Unreviewed | CVE-2023-47560 was published Jan 5, 2024

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical | Unreviewed | CVE-2023-51812 was published Jan 4, 2024

Potential Actions command injection in output filenames (GHSL-2023-275)
High | CVE-2023-52137 was published for tj-actions/verify-changed-files (GitHub Actions) Jan 2, 2024

tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
High | CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6,...
High | Unreviewed | CVE-2023-50445 was published Dec 28, 2023

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute...
High | Unreviewed | CVE-2023-49226 was published Dec 25, 2023

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command...
Critical | Unreviewed | CVE-2023-51016 was published Dec 22, 2023

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command...
Critical | Unreviewed | CVE-2023-51014 was published Dec 22, 2023

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user...
High | Unreviewed | CVE-2023-39509 was published Dec 22, 2023

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command...
Critical | Unreviewed | CVE-2023-51025 was published Dec 22, 2023

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via...
Critical | Unreviewed | CVE-2023-51707 was published Dec 22, 2023