Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,448 advisories

Loading
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11... High Unreviewed
CVE-2025-23094 was published Feb 6, 2025
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially... High Unreviewed
CVE-2023-6321 was published May 15, 2024
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2023-26822 was published Apr 2, 2023
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All... High Unreviewed
CVE-2024-50572 was published Nov 12, 2024
A vulnerability has been found in the CPython `venv` module and CLI where path names provided... Moderate Unreviewed
CVE-2024-9287 was published Oct 22, 2024
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9... Critical Unreviewed
CVE-2023-1708 was published Apr 5, 2023
Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape... High Unreviewed
CVE-2023-30638 was published Apr 14, 2023
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed
CVE-2020-25506 was published May 24, 2022
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly... High Unreviewed
CVE-2019-0541 was published May 13, 2022
1Panel arbitrary file write vulnerability Moderate
CVE-2024-34352 was published for github.com/1Panel-dev/1Panel (Go) May 9, 2024
an5er
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution,... High Unreviewed
CVE-2017-6327 was published May 13, 2022
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim... Moderate Unreviewed
CVE-2010-4345 was published May 13, 2022
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1... High Unreviewed
CVE-2007-3010 was published May 1, 2022
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary... High Unreviewed
CVE-2005-2773 was published May 1, 2022
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary... Critical Unreviewed
CVE-2018-19949 was published May 24, 2022
A command injection vulnerability in the web server of some Hikvision product. Due to the... Critical Unreviewed
CVE-2021-36260 was published May 24, 2022
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string Critical
CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024
SteakEnthusiast mkhorton
files.photo.gallery command injection Moderate
CVE-2024-53615 was published for files.photo.gallery (npm) Jan 30, 2025
Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x,... Critical Unreviewed
CVE-2023-5878 was published Feb 6, 2025
When running in Appliance mode, an authenticated remote command injection vulnerability exists in... High Unreviewed
CVE-2025-23239 was published Feb 5, 2025
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed
CVE-2021-27561 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed
CVE-2021-35394 was published May 24, 2022
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via... High Unreviewed
CVE-2024-57539 was published Jan 21, 2025
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in... High Unreviewed
CVE-2024-57036 was published Jan 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database