GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,205 advisories
Filter by severity
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability...
Critical
Unreviewed
CVE-2024-37642
was published
Jun 14, 2024
Composer has a command injection via malicious git branch name
High
CVE-2024-35241
was published
for
composer/composer
(Composer)
Jun 10, 2024
Composer has multiple command injections via malicious git/hg branch names
High
CVE-2024-35242
was published
for
composer/composer
(Composer)
Jun 10, 2024
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform...
High
Unreviewed
CVE-2024-37570
was published
Jun 9, 2024
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A...
High
Unreviewed
CVE-2024-37569
was published
Jun 9, 2024
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via...
Critical
Unreviewed
CVE-2024-37385
was published
Jun 7, 2024
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior...
Critical
Unreviewed
CVE-2024-5480
was published
Jun 6, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn...
Critical
Unreviewed
CVE-2024-36604
was published
Jun 4, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-34792
was published
Jun 4, 2024
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within...
High
Unreviewed
CVE-2024-4253
was published
Jun 4, 2024
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the...
Critical
Unreviewed
CVE-2024-36783
was published
Jun 3, 2024
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically...
High
Unreviewed
CVE-2024-4267
was published
May 22, 2024
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an...
Moderate
Unreviewed
CVE-2024-5196
was published
May 22, 2024
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this...
Moderate
Unreviewed
CVE-2024-5195
was published
May 22, 2024
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by...
Moderate
Unreviewed
CVE-2024-5194
was published
May 22, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Critical
CVE-2024-5023
was published
for
consoleme
(pip)
May 16, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
High
Unreviewed
CVE-2024-1417
was published
May 16, 2024
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could...
High
Unreviewed
CVE-2024-20326
was published
May 16, 2024
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an...
Unknown
Unreviewed
CVE-2024-4999
was published
May 16, 2024
LoLLMS Command Injection vulnerability
High
CVE-2024-4078
was published
for
lollms
(pip)
May 16, 2024
A remote code execution vulnerability exists in the parisneo/lollms-webui application,...
Critical
Unreviewed
CVE-2024-2366
was published
May 16, 2024
sshproxy vulnerable to SSH option injection
Low
CVE-2024-34713
was published
for
github.com/cea-hpc/sshproxy
(Go)
May 14, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection...
High
Unreviewed
CVE-2024-32355
was published
May 14, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2024-32353
was published
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API