GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,267 advisories
Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary...
Critical, Unreviewed. CVE-2023-30261 was published Jun 26, 2023

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote...
Critical, Unreviewed. CVE-2023-30258 was published Jun 23, 2023

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an...
Critical, Unreviewed. CVE-2023-33869 was published Jun 20, 2023

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions...
Critical, Unreviewed. CVE-2023-27992 was published Jun 19, 2023

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead...
Critical, Unreviewed. CVE-2022-48472 was published Jun 16, 2023

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via...
Critical, Unreviewed. CVE-2023-34800 was published Jun 15, 2023

Langchain OS Command Injection vulnerability
Critical. CVE-2023-34540 was published for langchain (pip) Jun 14, 2023

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this...
Critical, Unreviewed. CVE-2023-30764 was published Jun 13, 2023

Brook's tproxy server is vulnerable to a drive-by command injection.
Critical. CVE-2023-33965 was published for github.com/txthinking/brook (Go) Jun 6, 2023

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client....
Critical, Unreviewed. CVE-2023-25539 was published May 31, 2023

Improper neutralization of special elements used in an OS command ('OS Command Injection')...
Critical, Unreviewed. CVE-2023-32956 was published May 16, 2023

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create...
Critical, Unreviewed. CVE-2023-1698 was published May 15, 2023

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based...
Critical, Unreviewed. CVE-2023-27407 was published May 9, 2023

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command...
Critical, Unreviewed. CVE-2023-29944 was published May 8, 2023

OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.
Critical, Unreviewed. CVE-2023-2564 was published May 7, 2023

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.
Critical, Unreviewed. CVE-2023-30053 was published May 5, 2023

TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can...
Critical, Unreviewed. CVE-2023-30054 was published May 5, 2023

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion...
Critical, Unreviewed. CVE-2023-30013 was published May 5, 2023

Command injection in OpenTSDB
Critical. CVE-2023-25826 was published for net.opentsdb:opentsdb (Maven) May 3, 2023

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc...
Critical, Unreviewed. CVE-2023-29778 was published May 2, 2023

appium-desktop OS Command Injection vulnerability
Critical. CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023

Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical. GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) Apr 25, 2023 (withdrawn)

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73,...
Critical, Unreviewed. CVE-2023-28771 was published Apr 25, 2023

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which...
Critical, Unreviewed. CVE-2023-2131 was published Apr 20, 2023

A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote...
Critical, Unreviewed. CVE-2023-29412 was published Apr 18, 2023