Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,079 advisories

Loading
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC... High Unreviewed
CVE-2024-8280 was published Sep 13, 2024
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC... High Unreviewed
CVE-2024-8281 was published Sep 13, 2024
A privilege escalation vulnerability was discovered in XCC that could allow a valid,... High Unreviewed
CVE-2024-8279 was published Sep 13, 2024
A privilege escalation vulnerability was discovered in XCC that could allow a valid,... High Unreviewed
CVE-2024-8278 was published Sep 13, 2024
conference-scheduler-cli Arbitrary Code Execution High
CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018
OS Command Injection in cookiecutter High
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
remote code execution via git repo provider Critical
CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
dreyercito rccern
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8... Moderate Unreviewed
CVE-2023-46306 was published Oct 22, 2023
An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to... Critical Unreviewed
CVE-2023-46510 was published Oct 27, 2023
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell... High Unreviewed
CVE-2024-8504 was published Sep 10, 2024
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27005 was published Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27003 was published Mar 17, 2022
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were... Critical Unreviewed
CVE-2022-27004 was published Mar 17, 2022
OS Command injection in Apache Airflow High
CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/... Critical Unreviewed
CVE-2018-17558 was published Oct 27, 2023
Command injection via Celery broker in Apache Airflow Critical
CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Apache Airflow vulnerable to OS Command Injection via example DAGs High
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection... High Unreviewed
CVE-2024-44844 was published Sep 6, 2024
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated... High Unreviewed
CVE-2024-8686 was published Sep 11, 2024
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker... High Unreviewed
CVE-2024-20483 was published Sep 11, 2024
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker... High Unreviewed
CVE-2024-20398 was published Sep 11, 2024
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection... High Unreviewed
CVE-2024-44845 was published Sep 6, 2024
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the... Critical Unreviewed
CVE-2024-6091 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API