GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,278 advisories
Claude Code echo command allowed bypass of user approval prompt for command execution
High | CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on...
High | Unreviewed | CVE-2013-10059 was published Aug 1, 2025
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev...
High | Unreviewed | CVE-2013-10050 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the...
High | Unreviewed | CVE-2013-10061 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in various Linksys router models ...
High | Unreviewed | CVE-2013-10058 was published Aug 1, 2025
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module...
High | Unreviewed | CVE-2013-10053 was published Aug 1, 2025
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in...
High | Unreviewed | CVE-2013-10039 was published Jul 31, 2025
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender...
High | Unreviewed | CVE-2025-29534 was published Jul 28, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High | Unreviewed | CVE-2025-41684 was published Jul 23, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High | Unreviewed | CVE-2025-41683 was published Jul 23, 2025
Withdrawn Advisory: bun vulnerable to OS Command Injection
High | CVE-2025-8022 was published for bun (npm) Jul 23, 2025 • withdrawn
Improper neutralization of special elements used in an OS command ('OS Command Injection')...
High | Unreviewed | CVE-2024-53286 was published Jul 23, 2025
A command injection vulnerability exists that can be exploited after authentication in VIGI...
High | Unreviewed | CVE-2025-7723 was published Jul 22, 2025
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS...
High | Unreviewed | CVE-2025-53472 was published Jul 22, 2025
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21...
High | Unreviewed | CVE-2025-7382 was published Jul 21, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139...
High | Unreviewed | CVE-2025-46117 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via POST requests in the...
High | Unreviewed | CVE-2025-41674 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via GET requests in the...
High | Unreviewed | CVE-2025-41675 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via POST requests in the...
High | Unreviewed | CVE-2025-41673 was published Jul 21, 2025
The web application allows user input to pass unfiltered to a command executed on the underlying...
High | Unreviewed | CVE-2025-24938 was published Jul 21, 2025
Withdrawn Advisory: Thor can construct an unsafe shell command from library input.
High | CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025 • withdrawn
GitHub Kanban MCP Server vulnerable to Command Injection
High | CVE-2025-53818 was published for @sunwood-ai-labs/github-kanban-mcp-server (npm) Jul 15, 2025
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0...
High | Unreviewed | CVE-2013-3307 was published Jul 11, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2025-52988 was published Jul 11, 2025
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell...
High | Unreviewed | CVE-2025-34093 was published Jul 10, 2025