GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,369
Composer 4,373
Erlang 33
GitHub Actions 22
Go 2,135
Maven 5,313
npm 3,797
NuGet 687
pip 3,478
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,386

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

3,438 advisories

Filter by severity

Sort by

Least recently updated

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to... High Unreviewed

CVE-2019-15949 was published May 24, 2022

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed

CVE-2021-27561 was published May 24, 2022

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed

CVE-2021-35394 was published May 24, 2022

Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the... High Unreviewed

CVE-2019-19356 was published May 24, 2022

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An... Moderate Unreviewed

CVE-2024-48008 was published Dec 13, 2024

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the... High Unreviewed

CVE-2018-9276 was published May 13, 2022

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector... High Unreviewed

CVE-2020-4006 was published May 24, 2022

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A... High Unreviewed

CVE-2024-22461 was published Dec 13, 2024

The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability... High Unreviewed

CVE-2024-23690 was published Feb 4, 2025

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the... High Unreviewed

CVE-2024-40891 was published Feb 4, 2025

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI... High Unreviewed

CVE-2024-40890 was published Feb 4, 2025

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a... Critical Unreviewed

CVE-2024-0740 was published Apr 26, 2024

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone... Critical Unreviewed

CVE-2024-53584 was published Jan 31, 2025

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service... High Unreviewed

CVE-2021-27102 was published May 24, 2022

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request... Critical Unreviewed

CVE-2021-27104 was published May 24, 2022

Affected products contain a vulnerability in the device cloud rpc command handling process that... Critical Unreviewed

CVE-2025-0680 was published Jan 30, 2025

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is... High Unreviewed

CVE-2024-2662 was published May 14, 2024

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command... Critical Unreviewed

CVE-2023-29944 was published May 8, 2023

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an... High Unreviewed

CVE-2021-38163 was published May 24, 2022

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed

CVE-2021-45382 was published Feb 18, 2022

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version... Critical Unreviewed

CVE-2025-20014 was published Jan 29, 2025

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email... Critical Unreviewed

CVE-2025-20061 was published Jan 29, 2025

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via... Critical Unreviewed

CVE-2022-29303 was published May 13, 2022

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17,... High Unreviewed

CVE-2022-36804 was published Aug 26, 2022

Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticated user to achieve remote... High Unreviewed

CVE-2022-28810 was published Apr 19, 2022

Previous 1 2 3 4 5 … 137 138 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

3,438 advisories