Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,854 advisories

Loading
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51252 was published Nov 1, 2024
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell... High Unreviewed
CVE-2024-36060 was published Oct 30, 2024
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48826 was published Oct 28, 2024
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48825 was published Oct 28, 2024
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an... High Unreviewed
CVE-2024-48074 was published Oct 28, 2024
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE)... High Unreviewed
CVE-2024-37845 was published Oct 25, 2024
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda... High Unreviewed
CVE-2024-48459 was published Oct 25, 2024
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command... High Unreviewed
CVE-2024-45242 was published Oct 24, 2024
Administrative Management System from Wellchoose has an OS Command Injection vulnerability,... High Unreviewed
CVE-2024-10202 was published Oct 21, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48629 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48636 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48630 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48638 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48635 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48634 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command... High Unreviewed
CVE-2024-48632 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48631 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command... High Unreviewed
CVE-2024-48633 was published Oct 17, 2024
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command... High Unreviewed
CVE-2024-48637 was published Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone... High Unreviewed
CVE-2024-20458 was published Oct 16, 2024
The affected product permits OS command injection through improperly restricted commands,... High Unreviewed
CVE-2024-9139 was published Oct 14, 2024
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the... High Unreviewed
CVE-2024-46316 was published Oct 9, 2024
On Windows platforms, a "best fit" character encoding conversion of command line arguments to... High Unreviewed
CVE-2024-45720 was published Oct 9, 2024
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2... High Unreviewed
CVE-2024-9380 was published Oct 8, 2024
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The... High Unreviewed
CVE-2024-45880 was published Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database