GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,931 advisories
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality... | High | Unreviewed | CVE-2024-24623 was published Jul 26, 2024
Softaculous Webuzo contains a command injection in the password reset functionality. A remote,... | High | Unreviewed | CVE-2024-24622 was published Jul 26, 2024
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have... | High | Unreviewed | CVE-2024-39345 was published Jul 24, 2024
A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by... | Moderate | Unreviewed | CVE-2024-7066 was published Jul 24, 2024
A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222,... | Moderate | Unreviewed | CVE-2024-37066 was published Jul 19, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution | High | CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
Local privilege escalation due to OS command injection vulnerability. The following products are... | High | Unreviewed | CVE-2024-34013 was published Jul 18, 2024
projectdiscovery/nuclei allows unsigned code template execution through workflows | High | CVE-2024-40641 was published for github.com/projectdiscovery/nuclei/v3 (Go) Jul 17, 2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved... | High | Unreviewed | CVE-2024-39522 was published Jul 11, 2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved... | High | Unreviewed | CVE-2024-39521 was published Jul 11, 2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved... | High | Unreviewed | CVE-2024-39523 was published Jul 11, 2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved... | High | Unreviewed | CVE-2024-39524 was published Jul 11, 2024
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved... | High | Unreviewed | CVE-2024-39520 was published Jul 11, 2024
Insecure handling of POST header parameter body included in requests being sent to an instance of... | High | Unreviewed | CVE-2024-3799 was published Jul 10, 2024
A remote attacker with high privileges may use a deleting file function to inject OS commands. | High | Unreviewed | CVE-2024-28750 was published Jul 9, 2024
A high privileged remote attacker can enable telnet access that accepts hardcoded credentials. | Critical | Unreviewed | CVE-2024-28751 was published Jul 9, 2024
A remote attacker with high privileges may use a reading file function to inject OS commands. | High | Unreviewed | CVE-2024-28748 was published Jul 9, 2024
A remote attacker with high privileges may use a writing file function to inject OS commands. | High | Unreviewed | CVE-2024-28749 was published Jul 9, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek... | High | Unreviewed | CVE-2023-50381 was published Jul 8, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek... | High | Unreviewed | CVE-2023-50383 was published Jul 8, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek... | High | Unreviewed | CVE-2023-50382 was published Jul 8, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users | Critical | CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
A high privileged remote attacker can execute arbitrary system commands via GET requests due to... | High | Unreviewed | CVE-2024-5672 was published Jul 3, 2024
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of... | High | Unreviewed | CVE-2024-32937 was published Jul 3, 2024
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... | Moderate | Unreviewed | CVE-2024-20399 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API.