Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,104 advisories

Loading
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51253 was published Nov 4, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2024-51661 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51244 was published Nov 1, 2024
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51245 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51247 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51248 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51252 was published Nov 1, 2024
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in... Critical Unreviewed
CVE-2024-10653 was published Nov 1, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
A local user with administrative access rights can enter specialy crafted values for settings at... Moderate Unreviewed
CVE-2024-8934 was published Oct 31, 2024
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell... High Unreviewed
CVE-2024-36060 was published Oct 30, 2024
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the... Critical Unreviewed
CVE-2024-51568 was published Oct 30, 2024
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb... Critical Unreviewed
CVE-2024-51378 was published Oct 30, 2024
Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows... High Unreviewed
CVE-2024-41153 was published Oct 29, 2024
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient... Moderate Unreviewed
CVE-2024-22065 was published Oct 29, 2024
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48826 was published Oct 28, 2024
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48825 was published Oct 28, 2024
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an... High Unreviewed
CVE-2024-48074 was published Oct 28, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API High
CVE-2024-47821 was published for pyload-ng (pip) Oct 28, 2024
anuraagbaishya
Credited to anuraagbaishya
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE)... High Unreviewed
CVE-2024-37845 was published Oct 25, 2024
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda... High Unreviewed
CVE-2024-48459 was published Oct 25, 2024
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command... High Unreviewed
CVE-2024-45242 was published Oct 24, 2024
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... Critical Unreviewed
CVE-2024-20424 was published Oct 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database