GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
3,079 advisories
Remote Code Execution in create_conda_env function in lollms
Moderate | CVE-2024-3121 was published for lollms (pip) Jun 24, 2024

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC...
High | Unreviewed | CVE-2024-8280 was published Sep 13, 2024

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC...
High | Unreviewed | CVE-2024-8281 was published Sep 13, 2024

A privilege escalation vulnerability was discovered in XCC that could allow a valid,...
High | Unreviewed | CVE-2024-8279 was published Sep 13, 2024

A privilege escalation vulnerability was discovered in XCC that could allow a valid,...
High | Unreviewed | CVE-2024-8278 was published Sep 13, 2024

conference-scheduler-cli Arbitrary Code Execution
High | CVE-2018-14572 was published for conference-scheduler-cli (pip) Oct 29, 2018

OS Command Injection in cookiecutter
High | CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022

remote code execution via git repo provider
Critical | CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021

The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8...
Moderate | Unreviewed | CVE-2023-46306 was published Oct 22, 2023

An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to...
Critical | Unreviewed | CVE-2023-46510 was published Oct 27, 2023

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell...
High | Unreviewed | CVE-2024-8504 was published Sep 10, 2024

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical | Unreviewed | CVE-2022-27005 was published Mar 17, 2022

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical | Unreviewed | CVE-2022-27003 was published Mar 17, 2022

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were...
Critical | Unreviewed | CVE-2022-27004 was published Mar 17, 2022

OS Command injection in Apache Airflow
High | CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/...
Critical | Unreviewed | CVE-2018-17558 was published Oct 27, 2023

Command injection via Celery broker in Apache Airflow
Critical | CVE-2020-11981 was published for apache-airflow (pip) Jul 27, 2020

Remote code execution (RCE) in Apache Airflow
High | CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020

Apache Airflow vulnerable to OS Command Injection via example DAGs
High | CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection...
High | Unreviewed | CVE-2024-44844 was published Sep 6, 2024

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...
High | Unreviewed | CVE-2024-8686 was published Sep 11, 2024

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker...
High | Unreviewed | CVE-2024-20483 was published Sep 11, 2024

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker...
High | Unreviewed | CVE-2024-20398 was published Sep 11, 2024

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection...
High | Unreviewed | CVE-2024-44845 was published Sep 6, 2024

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the...
Critical | Unreviewed | CVE-2024-6091 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API