GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,006
Composer 4,299
Erlang 31
GitHub Actions 21
Go 2,065
Maven 5,241
npm 3,744
NuGet 668
pip 3,425
Pub 12
RubyGems 892
Rust 877
Swift 36

Unreviewed advisories

All unreviewed 240,043

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

818 advisories

Filter by severity

Sort by

Least recently updated

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything... Critical Unreviewed

CVE-2024-48144 was published Oct 24, 2024

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1... Critical Unreviewed

CVE-2024-48145 was published Oct 24, 2024

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to... Critical Unreviewed

CVE-2024-48904 was published Oct 22, 2024

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an... Critical Unreviewed

CVE-2024-35285 was published Oct 21, 2024

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote,... Critical Unreviewed

CVE-2024-40089 was published Oct 21, 2024

An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2024-48659 was published Oct 21, 2024

The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed

CVE-2024-10131 was published Oct 19, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed

CVE-2024-48153 was published Oct 14, 2024

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0).... Critical Unreviewed

CVE-2024-47562 was published Oct 8, 2024

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)... Critical Unreviewed

CVE-2024-20432 was published Oct 2, 2024

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an... Critical Unreviewed

CVE-2024-46256 was published Sep 27, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a... Critical Unreviewed

CVE-2024-43693 was published Sep 25, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a... Critical Unreviewed

CVE-2024-45066 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed

CVE-2024-42505 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed

CVE-2024-42506 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed

CVE-2024-42507 was published Sep 25, 2024

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute... Critical Unreviewed

CVE-2024-0005 was published Sep 23, 2024

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The... Critical Unreviewed

CVE-2024-45824 was published Sep 12, 2024

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed

CVE-2024-44466 was published Sep 11, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed

CVE-2024-44410 was published Sep 9, 2024

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Critical Unreviewed

CVE-2024-44402 was published Sep 6, 2024

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the... Critical Unreviewed

CVE-2024-44401 was published Sep 6, 2024

Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution... Critical Unreviewed

CVE-2024-42905 was published Aug 28, 2024

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application... Critical Unreviewed

CVE-2024-8073 was published Aug 26, 2024

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows... Critical Unreviewed

CVE-2024-42947 was published Aug 15, 2024

Previous 1 2 3 4 5 … 32 33 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

818 advisories