Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,182 advisories

Loading
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04... High Unreviewed
CVE-2024-44334 was published Sep 9, 2024
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04... High Unreviewed
CVE-2024-44335 was published Sep 9, 2024
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with... High Unreviewed
CVE-2024-36138 was published Sep 7, 2024
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This... Moderate Unreviewed
CVE-2023-26315 was published Aug 26, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Critical Unreviewed
CVE-2024-44402 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the... Critical Unreviewed
CVE-2024-44401 was published Sep 6, 2024
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2023-46484 was published Oct 31, 2023
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2023-46485 was published Oct 31, 2023
D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp. High Unreviewed
CVE-2024-44400 was published Sep 4, 2024
An OS command injection vulnerability has been reported to affect Video Station. If exploited,... High Unreviewed
CVE-2023-47563 was published Sep 6, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system... High Unreviewed
CVE-2024-38641 was published Sep 6, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system... Moderate Unreviewed
CVE-2024-21903 was published Sep 6, 2024
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows... Critical Unreviewed
CVE-2024-42947 was published Aug 15, 2024
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
Command Injection in Cobbler High
CVE-2021-45082 was published for cobbler (pip) Feb 20, 2022
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s)... High Unreviewed
CVE-2024-38486 was published Sep 6, 2024
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My... High Unreviewed
CVE-2023-22816 was published Jul 1, 2023
Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5... Moderate Unreviewed
CVE-2023-22815 was published Jul 1, 2023
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html... Critical Unreviewed
CVE-2023-47253 was published Nov 6, 2023
Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-24216 was published Feb 8, 2024
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into... Critical Unreviewed
CVE-2024-29864 was published Mar 21, 2024
Ansible fails to properly sanitize fact variables sent from the Ansible controller Critical
CVE-2016-8628 was published for ansible (pip) Oct 10, 2018
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. High Unreviewed
CVE-2024-44383 was published Sep 4, 2024
Commands can be injected over the network and executed without authentication. High Unreviewed
CVE-2024-7029 was published Aug 2, 2024
ProTip! Advisories are also available from the GraphQL API