Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

866 advisories

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48808 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48804 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48812 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48806 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48807 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48803 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48802 was published Nov 30, 2023
A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel... Critical Unreviewed
CVE-2023-35138 was published Nov 30, 2023
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware... Critical Unreviewed
CVE-2023-4474 was published Nov 30, 2023
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions... Critical Unreviewed
CVE-2023-3741 was published Nov 30, 2023
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21... Critical Unreviewed
CVE-2023-4473 was published Nov 30, 2023
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection... Critical Unreviewed
CVE-2023-23325 was published Nov 29, 2023
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-6201 was published Nov 28, 2023
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20... Critical Unreviewed
CVE-2023-3368 was published Nov 28, 2023
A vulnerability in the web-based management allows an unauthenticated remote attacker to inject... Critical Unreviewed
CVE-2023-4149 was published Nov 21, 2023
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command... Critical Unreviewed
CVE-2023-35762 was published Nov 20, 2023
Remote Code Execution due to Full Controled File Write in mlflow Critical
CVE-2023-6018 was published for mlflow (pip) Nov 16, 2023
marco27183
Ray OS Command Injection vulnerability Critical
CVE-2023-6019 was published for ray (pip) Nov 16, 2023
A improper neutralization of special elements used in an os command ('os command injection') in... Critical Unreviewed
CVE-2023-36553 was published Nov 14, 2023
An OS command injection vulnerability has been reported to affect several QNAP operating system... Critical Unreviewed
CVE-2023-23368 was published Nov 3, 2023
An OS command injection vulnerability has been reported to affect several QNAP operating system... Critical Unreviewed
CVE-2023-23369 was published Nov 3, 2023
An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2023-43139 was published Oct 31, 2023
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a... Critical Unreviewed
CVE-2023-47104 was published Oct 30, 2023
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to... Critical Unreviewed
CVE-2018-17879 was published Oct 27, 2023
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of... Critical Unreviewed
CVE-2023-3991 was published Oct 16, 2023
ProTip! Advisories are also available from the GraphQL API