GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
929 advisories
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality....
Critical, Unreviewed. CVE-2024-10118 was published Oct 18, 2024

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An...
Critical, Unreviewed. CVE-2024-10119 was published Oct 18, 2024

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege...
Critical, Unreviewed. CVE-2023-28805 was published Oct 23, 2023

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated...
Critical, Unreviewed. CVE-2024-9464 was published Oct 9, 2024

PIDUsage Enables OS Command Injection
Critical. CVE-2017-1000220 was published for pidusage (npm) May 13, 2022

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated...
Critical, Unreviewed. CVE-2024-9463 was published Oct 9, 2024

SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command...
Critical, Unreviewed. CVE-2023-38027 was published Aug 28, 2023

OS Command Injection in Plexus-utils
Critical. CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical, Unreviewed. CVE-2024-45519 was published Oct 3, 2024

A vulnerability has been discovered in Xiaomi routers that could allow command injection through...
Critical, Unreviewed. CVE-2023-26317 was published Aug 2, 2023

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions...
Critical, Unreviewed. CVE-2021-42796 was published Dec 16, 2023

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical, Unreviewed. CVE-2024-45251 was published Oct 6, 2024

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical, Unreviewed. CVE-2024-45252 was published Oct 6, 2024

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection...
Critical, Unreviewed. CVE-2024-9441 was published Oct 2, 2024

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate...
Critical, Unreviewed. CVE-2023-25280 was published Mar 16, 2023

Markdown-supplied Shell Command Execution
Critical. CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020

Langchain OS Command Injection vulnerability
Critical. CVE-2023-34540 was published for langchain (pip) Jun 14, 2023

The device enables an unauthorized attacker to execute system commands with elevated privileges....
Critical, Unreviewed. CVE-2024-9166 was published Sep 26, 2024

Mercurial is vulnerable to shell injection attack
Critical. CVE-2017-1000116 was published for mercurial (pip) May 13, 2022

Chaosblade vulnerable to OS command execution
Critical. CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) Sep 18, 2024

Mercurial vulnerable to arbitrary code injection
Critical. CVE-2017-17458 was published for mercurial (pip) May 13, 2022

An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary...
Critical, Unreviewed. CVE-2023-44080 was published Sep 28, 2023

GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical. CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023

Gerapy may cause remote code execution
Critical. CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022