Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

917 advisories

Loading
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2023-51098 was published Dec 26, 2023
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2023-51099 was published Dec 26, 2023
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the... Critical Unreviewed
CVE-2023-51035 was published Dec 22, 2023
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the... Critical Unreviewed
CVE-2023-51033 was published Dec 22, 2023
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the... Critical Unreviewed
CVE-2023-50147 was published Dec 22, 2023
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... Critical Unreviewed
CVE-2023-51028 was published Dec 22, 2023
Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6... Critical Unreviewed
CVE-2023-50993 was published Dec 21, 2023
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has... Critical Unreviewed
CVE-2023-51385 was published Dec 18, 2023
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements... Critical Unreviewed
CVE-2023-42495 was published Dec 13, 2023
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell... Critical Unreviewed
CVE-2023-46454 was published Dec 12, 2023
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote... Critical Unreviewed
CVE-2023-47254 was published Dec 9, 2023
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains... Critical Unreviewed
CVE-2023-48800 was published Dec 4, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48804 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48808 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48805 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48810 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48811 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48807 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48812 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48806 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48803 was published Nov 30, 2023
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields... Critical Unreviewed
CVE-2023-48802 was published Nov 30, 2023
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions... Critical Unreviewed
CVE-2023-3741 was published Nov 30, 2023
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21... Critical Unreviewed
CVE-2023-4473 was published Nov 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database