Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,695
Maven
5,000+
npm
4,324
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,297 advisories

Loading
motionEye vulnerable to RCE via unsanitized motion config parameter High
CVE-2025-60787 was published for motioneye (pip) Nov 3, 2025
prabhatverma47 MichaIng
Credited to prabhatverma47 and MichaIng
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote... High Unreviewed
CVE-2020-4428 was published May 24, 2022
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28025 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28027 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28026 was published Aug 26, 2025
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library ... High Unreviewed
CVE-2024-11003 was published Nov 19, 2024
An unauthenticated attacker with network access to the affected device's web interface can... High Unreviewed
CVE-2024-28138 was published Dec 10, 2024
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of... High Unreviewed
CVE-2024-32937 was published Jul 3, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek... High Unreviewed
CVE-2023-50382 was published Jul 8, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek... High Unreviewed
CVE-2023-50381 was published Jul 8, 2024
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are... High Unreviewed
CVE-2024-33896 was published Aug 2, 2024
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell... High Unreviewed
CVE-2024-8504 was published Sep 10, 2024
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek... High Unreviewed
CVE-2023-50383 was published Jul 8, 2024
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1... High Unreviewed
CVE-2023-24519 was published Jul 6, 2023
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink... High Unreviewed
CVE-2023-34356 was published Oct 11, 2023
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of... High Unreviewed
CVE-2023-35193 was published Oct 11, 2023
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave... High Unreviewed
CVE-2023-35959 was published Jan 8, 2024
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave... High Unreviewed
CVE-2023-35962 was published Jan 8, 2024
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave... High Unreviewed
CVE-2023-35961 was published Jan 8, 2024
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave... High Unreviewed
CVE-2023-35960 was published Jan 8, 2024
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave... High Unreviewed
CVE-2023-35964 was published Jan 8, 2024
A post authentication command injection vulnerability exists when configuring the wireguard VPN... High Unreviewed
CVE-2023-46683 was published Feb 6, 2024
A post-authentication command injection vulnerability exists in the PPTP client functionality of... High Unreviewed
CVE-2023-36498 was published Feb 6, 2024
A post authentication command injection vulnerability exists in the GRE policy functionality of... High Unreviewed
CVE-2023-47167 was published Feb 6, 2024
A post authentication command execution vulnerability exists in the web filtering functionality... High Unreviewed
CVE-2023-47618 was published Feb 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database