GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
755 advisories
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical | Unreviewed | CVE-2024-41368 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical | Unreviewed | CVE-2024-41369 was published Aug 29, 2024

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2024-45623 was published Sep 2, 2024

Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical | CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute...
Critical | Unreviewed | CVE-2023-36177 was published Jan 24, 2024

Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection...
Critical | Unreviewed | CVE-2024-24091 was published Feb 8, 2024

Code injection in stanford-parser
Critical | CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven) Jul 28, 2023

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script...
Critical | Unreviewed | CVE-2023-46958 was published Nov 3, 2023

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-46980 was published Nov 3, 2023

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code...
Critical | Unreviewed | CVE-2023-46404 was published Nov 3, 2023

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling...
Critical | Unreviewed | CVE-2024-45321 was published Aug 27, 2024

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical | CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to...
Critical | Unreviewed | CVE-2024-39714 was published Sep 7, 2024

An unauthenticated remote attacker can run malicious C# code included in curve files and execute...
Critical | Unreviewed | CVE-2024-6596 was published Sep 10, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
Critical | Unreviewed | CVE-2024-44411 was published Sep 9, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
Critical | Unreviewed | CVE-2024-44410 was published Sep 9, 2024

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php...
Critical | Unreviewed | CVE-2023-46010 was published Oct 25, 2023

An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-46509 was published Oct 27, 2023

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a...
Critical | Unreviewed | CVE-2023-46042 was published Oct 19, 2023

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands,...
Critical | Unreviewed | CVE-2023-30131 was published Oct 19, 2023

remote code execution via git repo provider
Critical | CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers...
Critical | Unreviewed | CVE-2024-44466 was published Sep 11, 2024

django_make_app is vulnerable to Code Injection
Critical | CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018

A remote code execution issue exists in HPE OneView.
Critical | Unreviewed | CVE-2023-30912 was published Oct 25, 2023