Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,605
Erlang
29
GitHub Actions
16
Go
1,695
Maven
4,936
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

862 advisories

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to... Critical Unreviewed
CVE-2023-47709 was published May 14, 2024
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-40505 was published May 3, 2024
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-40504 was published May 3, 2024
A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14... Critical Unreviewed
CVE-2024-3191 was published Apr 29, 2024
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a... Critical Unreviewed
CVE-2024-0740 was published Apr 26, 2024
An OS command injection vulnerability exists in the web interface mac2name functionality of... Critical Unreviewed
CVE-2023-39367 was published Apr 17, 2024
Command injection vulnerability in the operating system. Improper neutralisation of special... Critical Unreviewed
CVE-2024-3781 was published Apr 15, 2024
LocalAI Command Injection in audioToWav Critical
CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) Apr 10, 2024
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo... Critical Unreviewed
CVE-2024-1520 was published Apr 10, 2024
A command injection vulnerability exists in the getAudioMetadata method from the com.webos... Critical Unreviewed
CVE-2023-6319 was published Apr 9, 2024
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos... Critical Unreviewed
CVE-2023-6318 was published Apr 9, 2024
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv... Critical Unreviewed
CVE-2023-6320 was published Apr 9, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-25699 was published Apr 3, 2024
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection... Critical Unreviewed
CVE-2024-2389 was published Apr 2, 2024
Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution... Critical Unreviewed
CVE-2023-51572 was published Apr 2, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-6437 was published Mar 28, 2024
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download Critical
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release... Critical Unreviewed
CVE-2024-1624 was published Mar 1, 2024
Unauthenticated remote attackers can access the system through the LoadMaster management... Critical Unreviewed
CVE-2024-1212 was published Feb 21, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-6260 was published Feb 20, 2024
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper... Critical Unreviewed
CVE-2024-20720 was published Feb 15, 2024
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command... Critical Unreviewed
CVE-2024-26260 was published Feb 15, 2024
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can... Critical Unreviewed
CVE-2024-22836 was published Feb 8, 2024
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier... Critical Unreviewed
CVE-2023-46359 was published Feb 6, 2024
ProTip! Advisories are also available from the GraphQL API