Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,986
Erlang
39
GitHub Actions
38
Go
2,626
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
954
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,098 advisories

Loading
HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing... Moderate Unreviewed
CVE-2025-10568 was published Sep 19, 2025
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute... Moderate Unreviewed
CVE-2025-36143 was published Sep 18, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python... Critical Unreviewed
CVE-2025-23316 was published Sep 18, 2025
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection... Critical Unreviewed
CVE-2025-9972 was published Sep 17, 2025
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can... High Unreviewed
CVE-2025-59518 was published Sep 17, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... High Unreviewed
CVE-2025-58116 was published Sep 17, 2025
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection... High Unreviewed
CVE-2025-10589 was published Sep 17, 2025
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line... High Unreviewed
CVE-2025-37126 was published Sep 17, 2025
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an... Moderate Unreviewed
CVE-2025-37129 was published Sep 17, 2025
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file... Critical Unreviewed
CVE-2025-34187 was published Sep 16, 2025
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection... Critical Unreviewed
CVE-2025-34184 was published Sep 16, 2025
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication... Critical Unreviewed
CVE-2025-34186 was published Sep 16, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Credited to assaf-levkovich-jf
mcp-kubernetes-server has an OS Command Injection vulnerability Critical
CVE-2025-59377 was published for mcp-kubernetes-server (pip) Sep 15, 2025
cai0duque
Credited to cai0duque
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59361 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59359 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59360 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC... Moderate Unreviewed
CVE-2025-10359 was published Sep 13, 2025
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the... Moderate Unreviewed
CVE-2025-10358 was published Sep 13, 2025
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by... Moderate Unreviewed
CVE-2025-10328 was published Sep 13, 2025
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this... Moderate Unreviewed
CVE-2025-10327 was published Sep 12, 2025
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an... Moderate Unreviewed
CVE-2025-10326 was published Sep 12, 2025
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-10265 was published Sep 12, 2025
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an... High Unreviewed
CVE-2025-27234 was published Sep 12, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database