Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,709 advisories

D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution... High Unreviewed
CVE-2023-41189 was published May 3, 2024
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution... High Unreviewed
CVE-2023-41199 was published May 3, 2024
D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution... High Unreviewed
CVE-2023-41188 was published May 3, 2024
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-40479 was published May 3, 2024
NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-40480 was published May 3, 2024
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-39471 was published May 3, 2024
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-38120 was published May 3, 2024
D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-35723 was published May 3, 2024
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-35722 was published May 3, 2024
NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-27367 was published May 3, 2024
A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical.... High Unreviewed
CVE-2024-3193 was published Apr 29, 2024
N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability.... High Unreviewed
CVE-2024-4301 was published Apr 29, 2024
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock,... High Unreviewed
CVE-2024-4299 was published Apr 29, 2024
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock... High Unreviewed
CVE-2024-4298 was published Apr 29, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system... High Unreviewed
CVE-2024-27124 was published Apr 26, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
A vulnerability in the web-based management interface of Cisco Integrated Management Controller ... High Unreviewed
CVE-2024-20356 was published Apr 24, 2024
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an... High Unreviewed
CVE-2024-20295 was published Apr 24, 2024
Arbitrary Code Execution in Gitea High
CVE-2020-14144 was published for code.gitea.io/gitea (Go) Apr 22, 2024
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an... High Unreviewed
CVE-2023-4855 was published Apr 15, 2024
A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an... High Unreviewed
CVE-2023-4856 was published Apr 15, 2024
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an... High Unreviewed
CVE-2024-2659 was published Apr 15, 2024
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an... High Unreviewed
CVE-2024-1655 was published Apr 15, 2024
tiagorlampert CHAOS vulnerable to command injections High
CVE-2024-30850 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581) High
CVE-2024-22423 was published for yt-dlp (pip) Apr 10, 2024
Ry0taK Grub4K
pukkandan
ProTip! Advisories are also available from the GraphQL API