Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,241 advisories

Loading
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... High Unreviewed
CVE-2024-45884 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51246 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51253 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This... High Unreviewed
CVE-2024-45889 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51251 was published Nov 4, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2024-51661 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51244 was published Nov 1, 2024
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51245 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51247 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51248 was published Nov 1, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... High Unreviewed
CVE-2024-51252 was published Nov 1, 2024
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in... Critical Unreviewed
CVE-2024-10653 was published Nov 1, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
A local user with administrative access rights can enter specialy crafted values for settings at... Moderate Unreviewed
CVE-2024-8934 was published Oct 31, 2024
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell... High Unreviewed
CVE-2024-36060 was published Oct 30, 2024
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the... Critical Unreviewed
CVE-2024-51568 was published Oct 30, 2024
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48825 was published Oct 28, 2024
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote... High Unreviewed
CVE-2024-48826 was published Oct 28, 2024
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an... High Unreviewed
CVE-2024-48074 was published Oct 28, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API High
CVE-2024-47821 was published for pyload-ng (pip) Oct 28, 2024
anuraagbaishya
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE)... High Unreviewed
CVE-2024-37845 was published Oct 25, 2024
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda... High Unreviewed
CVE-2024-48459 was published Oct 25, 2024
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command... High Unreviewed
CVE-2024-45242 was published Oct 24, 2024
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database