GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,071 advisories
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an...
Critical, Unreviewed. CVE-2023-20017 was published Aug 17, 2023

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an...
Critical, Unreviewed. CVE-2023-20013 was published Aug 17, 2023

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588....
Critical, Unreviewed. CVE-2023-38866 was published Aug 15, 2023

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the...
Critical, Unreviewed. CVE-2023-38864 was published Aug 15, 2023

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the...
Critical, Unreviewed. CVE-2023-38862 was published Aug 15, 2023

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0....
Critical, Unreviewed. CVE-2023-38865 was published Aug 15, 2023

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname...
Critical, Unreviewed. CVE-2023-38863 was published Aug 15, 2023

An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute...
Critical, Unreviewed. CVE-2023-38861 was published Aug 15, 2023

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller...
Critical, Unreviewed. CVE-2023-39293 was published Aug 14, 2023

A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows...
Critical, Unreviewed. CVE-2023-39001 was published Aug 9, 2023

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before...
Critical, Unreviewed. CVE-2023-39008 was published Aug 9, 2023

There is a command injection problem in the old version of the mobile phone backup app.
Critical, Unreviewed. CVE-2023-26310 was published Aug 9, 2023

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed. CVE-2023-38928 was published Aug 7, 2023

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability...
Critical, Unreviewed. CVE-2023-38941 was published Aug 4, 2023

Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability...
Critical, Unreviewed. CVE-2023-38942 was published Aug 3, 2023

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers...
Critical, Unreviewed. CVE-2023-37679 was published Aug 3, 2023

A vulnerability has been discovered in Xiaomi routers that could allow command injection through...
Critical, Unreviewed. CVE-2023-26317 was published Aug 2, 2023

RaspAP Command Injection vulnerability
Critical. CVE-2022-39986 was published for billz/raspap-webgui (Composer) Aug 1, 2023

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18...
Critical, Unreviewed. CVE-2023-34960 was published Aug 1, 2023

Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.
Critical, Unreviewed. CVE-2023-37214 was published Jul 30, 2023

WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the...
Critical, Unreviewed. CVE-2023-37794 was published Jul 15, 2023

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used...
Critical, Unreviewed. CVE-2023-38336 was published Jul 15, 2023

ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated...
Critical, Unreviewed. CVE-2023-37567 was published Jul 13, 2023

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2023-37148 was published Jul 7, 2023

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2023-37145 was published Jul 7, 2023