Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,102 advisories

Loading
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
An authenticated OS command injection vulnerability exists in various Linksys router models ... High Unreviewed
CVE-2013-10058 was published Aug 1, 2025
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module... High Unreviewed
CVE-2013-10053 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... Critical Unreviewed
CVE-2013-10060 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... High Unreviewed
CVE-2013-10061 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on... High Unreviewed
CVE-2013-10059 was published Aug 1, 2025
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev... High Unreviewed
CVE-2013-10050 was published Aug 1, 2025
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically... Critical Unreviewed
CVE-2013-10049 was published Aug 1, 2025
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300... Critical Unreviewed
CVE-2013-10048 was published Aug 1, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Credited to JLLeitschuh
Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows... Moderate Unreviewed
CVE-2025-8473 was published Aug 1, 2025
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in... High Unreviewed
CVE-2013-10039 was published Jul 31, 2025
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to... Critical Unreviewed
CVE-2014-125124 was published Jul 31, 2025
An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6,... Critical Unreviewed
CVE-2025-50475 was published Jul 31, 2025
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php... Critical Unreviewed
CVE-2013-10037 was published Jul 31, 2025
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender... High Unreviewed
CVE-2025-29534 was published Jul 28, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability Critical
CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025
vicevirus
Credited to vicevirus
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to... Critical Unreviewed
CVE-2025-53695 was published Jul 28, 2025
A vulnerability, which was classified as critical, was found in Vaelsys 4.1.0. This affects the... Moderate Unreviewed
CVE-2025-8259 was published Jul 28, 2025
Duplicate Advisory: gix-transport code execution vulnerability Moderate
GHSA-5c5j-jmhx-q2gr was published for gix-transport (Rust) Jul 28, 2025 withdrawn
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The... Critical Unreviewed
CVE-2014-125118 was published Jul 25, 2025
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used... Critical Unreviewed
CVE-2025-5243 was published Jul 25, 2025
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions... Critical Unreviewed
CVE-2019-25224 was published Jul 25, 2025
Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Credited to gelbphoenix
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code... Critical Unreviewed
CVE-2022-4978 was published Jul 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database