GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,092
Composer 4,324
Erlang 31
GitHub Actions 21
Go 2,086
Maven 5,251
npm 3,751
NuGet 674
pip 3,437
Pub 12
RubyGems 892
Rust 881
Swift 37

Unreviewed advisories

All unreviewed 241,621

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

131 advisories

Filter by severity

Sort by

Least recently updated

A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed

CVE-2024-36295 was published Jan 14, 2025

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed

CVE-2024-21797 was published Jan 14, 2025

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink... Critical Unreviewed

CVE-2024-39604 was published Jan 14, 2025

A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink... Critical Unreviewed

CVE-2024-34544 was published Jan 14, 2025

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed

CVE-2024-39784 was published Jan 14, 2025

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed

CVE-2024-39785 was published Jan 14, 2025

The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed

CVE-2023-29405 was published Jun 8, 2023

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It... Critical Unreviewed

CVE-2024-10914 was published Nov 6, 2024

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed

CVE-2023-39213 was published Aug 9, 2023

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Critical Unreviewed

CVE-2023-44373 was published Nov 14, 2023

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed

CVE-2024-42914 was published Aug 23, 2024

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed

CVE-2024-40324 was published Jul 25, 2024

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed

CVE-2024-39227 was published Aug 6, 2024

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed

CVE-2024-37759 was published Jun 24, 2024

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed

CVE-2024-39704 was published Jul 3, 2024

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed

CVE-2024-34919 was published May 17, 2024

An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions... Critical Unreviewed

CVE-2023-33566 was published Jun 27, 2023

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to... Critical Unreviewed

CVE-2022-47583 was published Oct 19, 2023

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the... Critical Unreviewed

CVE-2023-1523 was published Sep 1, 2023

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via... Critical Unreviewed

CVE-2022-24989 was published Aug 20, 2023

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a... Critical Unreviewed

CVE-2023-33241 was published Aug 10, 2023

MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template... Critical Unreviewed

CVE-2023-36210 was published Aug 1, 2023

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed

CVE-2023-24540 was published May 11, 2023

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager... Critical Unreviewed

CVE-2020-15348 was published May 24, 2022

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64... Critical Unreviewed

CVE-2020-5505 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

131 advisories