Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,457 advisories

Loading
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing()... Critical Unreviewed
CVE-2024-39765 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing()... Critical Unreviewed
CVE-2024-39763 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality... Critical Unreviewed
CVE-2024-39760 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality... Critical Unreviewed
CVE-2024-39761 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing()... Critical Unreviewed
CVE-2024-39762 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of... Critical Unreviewed
CVE-2024-39781 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of... Critical Unreviewed
CVE-2024-39782 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing()... Critical Unreviewed
CVE-2024-39764 was published Jan 14, 2025
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of... Critical Unreviewed
CVE-2024-39783 was published Jan 14, 2025
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg,... Critical Unreviewed
CVE-2025-22949 was published Jan 10, 2025
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync()... Critical Unreviewed
CVE-2024-34166 was published Jan 14, 2025
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Moderate Unreviewed
CVE-2024-57212 was published Jan 10, 2025
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Moderate Unreviewed
CVE-2024-57214 was published Jan 10, 2025
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the... Moderate Unreviewed
CVE-2024-57222 was published Jan 10, 2025
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun()... Critical Unreviewed
CVE-2024-39367 was published Jan 14, 2025
An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink... Critical Unreviewed
CVE-2024-39360 was published Jan 14, 2025
An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of... Critical Unreviewed
CVE-2024-37186 was published Jan 14, 2025
An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of... Moderate Unreviewed
CVE-2022-47028 was published May 30, 2023
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... High Unreviewed
CVE-2024-57211 was published Jan 10, 2025
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the... High Unreviewed
CVE-2024-57226 was published Jan 10, 2025
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the... High Unreviewed
CVE-2024-57227 was published Jan 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database