GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
802 advisories
Filter by severity
Improper neutralization of special elements used in a command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-10443
was published
Nov 15, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39226
was published
Aug 6, 2024
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless...
Critical
Unreviewed
CVE-2024-20418
was published
Nov 6, 2024
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute...
Critical
Unreviewed
CVE-2024-48746
was published
Nov 6, 2024
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.
Critical
Unreviewed
CVE-2024-51115
was published
Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-47460
was published
Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-42509
was published
Nov 6, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51259
was published
Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51255
was published
Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-51260
was published
Oct 31, 2024
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything...
Critical
Unreviewed
CVE-2024-48144
was published
Oct 24, 2024
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1...
Critical
Unreviewed
CVE-2024-48145
was published
Oct 24, 2024
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection...
Critical
Unreviewed
CVE-2023-34215
was published
Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and...
Critical
Unreviewed
CVE-2023-33239
was published
Aug 17, 2023
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability...
Critical
Unreviewed
CVE-2023-34213
was published
Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and...
Critical
Unreviewed
CVE-2023-33238
was published
Aug 17, 2023
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and...
Critical
Unreviewed
CVE-2023-34214
was published
Aug 17, 2023
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an...
Critical
Unreviewed
CVE-2024-46256
was published
Sep 27, 2024
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the...
Critical
Unreviewed
CVE-2024-48659
was published
Oct 21, 2024
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to...
Critical
Unreviewed
CVE-2024-48904
was published
Oct 22, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an...
Critical
Unreviewed
CVE-2024-35285
was published
Oct 21, 2024
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,...
Critical
Unreviewed
CVE-2024-40089
was published
Oct 21, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-37091
was published
Jun 24, 2024
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical
Unreviewed
CVE-2024-10131
was published
Oct 19, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-48153
was published
Oct 14, 2024
ProTip!
Advisories are also available from the
GraphQL API