Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,989 advisories

Loading
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed
CVE-2021-45382 was published Feb 18, 2022
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector... High Unreviewed
CVE-2020-4006 was published May 24, 2022
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02... High Unreviewed
CVE-2020-25079 was published May 24, 2022
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show... Critical Unreviewed
CVE-2010-5330 was published Apr 21, 2022
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly... High Unreviewed
CVE-2019-0541 was published May 13, 2022
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution,... High Unreviewed
CVE-2017-6327 was published May 13, 2022
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5)... Critical Unreviewed
CVE-2016-1555 was published May 14, 2022
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and... High Unreviewed
CVE-2016-6367 was published May 17, 2022
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0... High Unreviewed
CVE-2015-4852 was published May 14, 2022
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled... Moderate Unreviewed
CVE-2025-56799 was published Oct 21, 2025
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-61045 was published Oct 1, 2025
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command... Critical Unreviewed
CVE-2025-10020 was published Oct 21, 2025
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2025-62696 was published Oct 21, 2025
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization.... High Unreviewed
CVE-2025-9161 was published Sep 9, 2025
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing... High Unreviewed
CVE-2022-20345 was published Aug 11, 2022
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. Critical Unreviewed
CVE-2024-54794 was published Jan 21, 2025
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update... Moderate Unreviewed
CVE-2025-60855 was published Oct 16, 2025
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows... Moderate Unreviewed
CVE-2025-61514 was published Oct 16, 2025
`git-comiters` Command Injection vulnerability High
CVE-2025-59831 was published for git-commiters (npm) Sep 22, 2025
lirantal
Credited to lirantal
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2025-58132 was published Oct 15, 2025
LiteLLM Vulnerable to Remote Code Execution (RCE) High
CVE-2024-6825 was published for litellm (pip) Mar 20, 2025
Horovod Vulnerable to Command Injection Critical
CVE-2024-10190 was published for horovod (pip) Mar 20, 2025
A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability... High Unreviewed
CVE-2025-5126 was published May 24, 2025
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that... High Unreviewed
CVE-2025-1040 was published Mar 20, 2025
A command injection vulnerability exists in the workflow-checker.yml workflow of significant... High Unreviewed
CVE-2024-8156 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database