Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,989 advisories

Loading
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be... Moderate Unreviewed
CVE-2025-46365 was published Nov 5, 2025
An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the... Moderate Unreviewed
CVE-2024-51317 was published Nov 3, 2025
sqls-server/sqls is vulnerable to command injection in the config command High
CVE-2025-61141 was published for github.com/sqls-server/sqls (Go) Oct 30, 2025
SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution. High Unreviewed
CVE-2025-60595 was published Oct 29, 2025
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on... Moderate Unreviewed
CVE-2025-1549 was published Oct 29, 2025
A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element... Moderate Unreviewed
CVE-2025-12313 was published Oct 27, 2025
A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is... Moderate Unreviewed
CVE-2025-12296 was published Oct 27, 2025
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution ... High Unreviewed
CVE-2025-60801 was published Oct 24, 2025
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the... Critical Unreviewed
CVE-2025-58428 was published Oct 23, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact... Moderate Unreviewed
CVE-2025-54964 was published Oct 23, 2025
A high privileged remote attacker can influence the parameters passed to the openssl command due... Low Unreviewed
CVE-2025-41721 was published Oct 22, 2025
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled... Moderate Unreviewed
CVE-2025-56799 was published Oct 21, 2025
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow Critical
CVE-2025-54469 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code... Moderate Unreviewed
CVE-2025-57521 was published Oct 21, 2025
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command... Critical Unreviewed
CVE-2025-10020 was published Oct 21, 2025
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2025-62696 was published Oct 21, 2025
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows... Moderate Unreviewed
CVE-2025-61514 was published Oct 16, 2025
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update... Moderate Unreviewed
CVE-2025-60855 was published Oct 16, 2025
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2025-58132 was published Oct 15, 2025
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages High
CVE-2025-34267 was published for flowise (npm) Oct 14, 2025
A vulnerability in the web-based management interface of network access point configuration... High Unreviewed
CVE-2025-37146 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37134 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37133 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the command line interface binary of... Moderate Unreviewed
CVE-2025-37138 was published Oct 14, 2025
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database