Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

800 advisories

Loading
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless... Critical Unreviewed
CVE-2024-20418 was published Nov 6, 2024
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-48746 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42509 was published Nov 6, 2024
Command injection vulnerability in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-47460 was published Nov 6, 2024
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Critical Unreviewed
CVE-2024-51115 was published Nov 6, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51255 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51260 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51259 was published Oct 31, 2024
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything... Critical Unreviewed
CVE-2024-48144 was published Oct 24, 2024
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1... Critical Unreviewed
CVE-2024-48145 was published Oct 24, 2024
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to... Critical Unreviewed
CVE-2024-48904 was published Oct 22, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an... Critical Unreviewed
CVE-2024-35285 was published Oct 21, 2024
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,... Critical Unreviewed
CVE-2024-40089 was published Oct 21, 2024
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2024-48659 was published Oct 21, 2024
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed
CVE-2024-10131 was published Oct 19, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-48153 was published Oct 14, 2024
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0).... Critical Unreviewed
CVE-2024-47562 was published Oct 8, 2024
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)... Critical Unreviewed
CVE-2024-20432 was published Oct 2, 2024
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an... Critical Unreviewed
CVE-2024-46256 was published Sep 27, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a... Critical Unreviewed
CVE-2024-43693 was published Sep 25, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a... Critical Unreviewed
CVE-2024-45066 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42505 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42506 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42507 was published Sep 25, 2024
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute... Critical Unreviewed
CVE-2024-0005 was published Sep 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database