Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,056
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,100 advisories

Loading
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an... High Unreviewed
CVE-2025-27234 was published Sep 12, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper... High Unreviewed
CVE-2025-43885 was published Sep 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper... High Unreviewed
CVE-2025-43884 was published Sep 10, 2025
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to... High Unreviewed
CVE-2025-56413 was published Sep 10, 2025
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'... Moderate Unreviewed
CVE-2025-9997 was published Sep 10, 2025
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'... Moderate Unreviewed
CVE-2025-9996 was published Sep 9, 2025
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules)... High Unreviewed
CVE-2025-54084 was published Sep 9, 2025
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the... High Unreviewed
CVE-2025-23344 was published Sep 9, 2025
Multiple CWE-78 Critical Unreviewed
CVE-2025-55048 was published Sep 9, 2025
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on... High Unreviewed
CVE-2024-7517 was published Sep 9, 2025
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload High
CVE-2025-58180 was published for octoprint (pip) Sep 9, 2025
prabhatverma47
Credited to prabhatverma47
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1... Moderate Unreviewed
CVE-2025-56498 was published Sep 9, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Moderate Unreviewed
CVE-2024-45325 was published Sep 9, 2025
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local... High Unreviewed
CVE-2025-56803 was published Sep 8, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
Credited to lirantal
TkEasyGUI Vulnerable to OS Command Injection Critical
CVE-2025-55037 was published for TkEasyGUI (pip) Sep 5, 2025
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function... Moderate Unreviewed
CVE-2025-9752 was published Sep 4, 2025
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2025-8613 was published Sep 2, 2025
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the ... Critical Unreviewed
CVE-2024-46484 was published Aug 29, 2025
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control... High Unreviewed
CVE-2025-9377 was published Aug 29, 2025
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote... High Unreviewed
CVE-2025-29887 was published Aug 29, 2025
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If... High Unreviewed
CVE-2025-53508 was published Aug 29, 2025
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown... Moderate Unreviewed
CVE-2025-9580 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database