GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,264
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
2,996 advisories
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to...
Moderate
Unreviewed
CVE-2025-8830 was published Aug 11, 2025
Improper neutralization of special elements used in a command ('command injection') in GitHub...
High
Unreviewed
CVE-2025-53773 was published Aug 12, 2025
A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows...
Moderate
Unreviewed
CVE-2025-45317 was published Aug 13, 2025
Active Storage allowed transformation methods that were potentially unsafe
Critical
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints...
High
Unreviewed
CVE-2024-53945 was published Aug 14, 2025
An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing...
Moderate
Unreviewed
CVE-2025-50515 was published Aug 14, 2025
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ...
Moderate
Unreviewed
CVE-2025-20306 was published Aug 14, 2025
A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function...
Moderate
Unreviewed
CVE-2025-9026 was published Aug 15, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection...
Moderate
Unreviewed
CVE-2025-55590 was published Aug 18, 2025
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability...
Critical
Unreviewed
CVE-2025-55591 was published Aug 18, 2025
A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts...
Moderate
Unreviewed
CVE-2025-50461 was published Aug 19, 2025
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function...
Moderate
Unreviewed
CVE-2025-9149 was published Aug 19, 2025
screenshot-desktop vulnerable to command Injection via `format` option
Critical
CVE-2025-55294 was published for screenshot-desktop (npm) Aug 19, 2025
Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie...
Moderate
Unreviewed
CVE-2025-50891 was published Aug 19, 2025
An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData...
Moderate
Unreviewed
CVE-2025-52337 was published Aug 19, 2025
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the...
Moderate
Unreviewed
CVE-2025-9174 was published Aug 20, 2025
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of...
Moderate
Unreviewed
CVE-2025-9176 was published Aug 20, 2025
In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email...
Moderate
Unreviewed
CVE-2025-57733 was published Aug 20, 2025
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and...
Moderate
Unreviewed
CVE-2025-9244 was published Aug 20, 2025
wong2 mcp-cli Command Injection Vulnerability
Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a...
High
Unreviewed
CVE-2025-48978 was published Aug 21, 2025
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a...
Critical
Unreviewed
CVE-2025-24285 was published Aug 21, 2025
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an...
Moderate
Unreviewed
CVE-2025-51818 was published Aug 21, 2025
Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command (...
High
Unreviewed
CVE-2025-41451 was published Aug 22, 2025
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute...
Critical
Unreviewed
CVE-2025-57105 was published Aug 22, 2025
ProTip! Advisories are also available from the GraphQL API