GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,267 advisories
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability...
Critical, Unreviewed. CVE-2023-34213 was published on Aug 17, 2023

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an...
Critical, Unreviewed. CVE-2023-20017 was published on Aug 17, 2023

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an...
Critical, Unreviewed. CVE-2023-20013 was published on Aug 17, 2023

GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical. CVE-2023-40267 was published for GitPython (pip) on Aug 11, 2023

Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0,...
Critical, Unreviewed. CVE-2023-40253 was published on Aug 11, 2023

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with...
Critical, Unreviewed. CVE-2023-3572 was published on Aug 8, 2023

Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall...
Critical, Unreviewed. CVE-2023-33377 was published on Aug 4, 2023

Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the...
Critical, Unreviewed. CVE-2023-33374 was published on Aug 4, 2023

A vulnerability has been discovered in Xiaomi routers that could allow command injection through...
Critical, Unreviewed. CVE-2023-26317 was published on Aug 2, 2023

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST...
Critical, Unreviewed. CVE-2023-35861 was published on Jul 31, 2023

Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'
Critical, Unreviewed. CVE-2023-37213 was published on Jul 30, 2023

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
Critical, Unreviewed. CVE-2023-3974 was published on Jul 27, 2023

Command injection in PaddlePaddle
Critical. CVE-2023-38673 was published for paddlepaddle (pip) on Jul 26, 2023

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical, Unreviewed. CVE-2023-37292 was published on Jul 21, 2023

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4....
Critical, Unreviewed. CVE-2023-36670 was published on Jul 18, 2023

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows...
Critical, Unreviewed. CVE-2023-38378 was published on Jul 16, 2023

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical, Unreviewed. CVE-2023-37171 was published on Jul 7, 2023

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical, Unreviewed. CVE-2023-37172 was published on Jul 7, 2023

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code...
Critical, Unreviewed. CVE-2023-37170 was published on Jul 7, 2023

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical, Unreviewed. CVE-2023-37173 was published on Jul 7, 2023

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical, Unreviewed. CVE-2022-29841 was published on Jul 6, 2023

Apache Kylin vulnerable to remote code execution
Critical. CVE-2022-24697 was published for org.apache.kylin:kylin-core-common (Maven) on Jul 6, 2023

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur,...
Critical, Unreviewed. CVE-2022-44720 was published on Jun 29, 2023

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows...
Critical, Unreviewed. CVE-2023-26613 was published on Jun 29, 2023