GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,104 advisories
OS command injection vulnerability exists in awkblog v0.0.1 (commit hash...
Critical, Unreviewed. CVE-2024-36360 was published Jun 11, 2024

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the...
High, Unreviewed. CVE-2025-30076 was published Mar 16, 2025

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable...
High, Unreviewed. CVE-2024-35519 was published Oct 15, 2024

pgAdmin failed to properly control the server code
Moderate. CVE-2023-5002 was published for pgadmin4 (pip) Sep 22, 2023

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
High, Unreviewed. CVE-2025-24306 was published Mar 18, 2025

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
High, Unreviewed. CVE-2025-25220 was published Mar 18, 2025

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and...
Critical, Unreviewed. CVE-2024-11482 was published Nov 29, 2024

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name...
Critical, Unreviewed. CVE-2022-48337 was published Feb 21, 2023

An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic...
Moderate, Unreviewed. CVE-2024-53942 was published Feb 3, 2025

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute...
High, Unreviewed. CVE-2025-0255 was published Mar 24, 2025

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP...
High, Unreviewed. CVE-2022-46649 was published Feb 10, 2023

A command injection vulnerability exists in Jitsi before commit...
Critical, Unreviewed. CVE-2022-43550 was published Feb 9, 2023

Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware...
High, Unreviewed. CVE-2022-45768 was published Feb 7, 2023

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers...
Critical, Unreviewed. CVE-2024-42978 was published Aug 15, 2024

semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
High. CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023

create-choo-app3 is vulnerable to Command Injection via the devInstall function
High. CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for...
High, Unreviewed. CVE-2025-2257 was published Mar 26, 2025

In cmd services, there is a OS command injection issue due to missing permission check. This...
Moderate, Unreviewed. CVE-2022-47339 was published Feb 12, 2023

is-http2 vulnerable to Improper Input Validation
High. CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE)...
High, Unreviewed. CVE-2022-46552 was published Feb 2, 2023

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
High, Unreviewed. CVE-2022-48624 was published Feb 19, 2024

mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization
High. CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements...
High, Unreviewed. CVE-2025-24382 was published Mar 28, 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements...
High, Unreviewed. CVE-2025-24377 was published Mar 28, 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements...
High, Unreviewed. CVE-2024-49601 was published Mar 28, 2025
ProTip! Advisories are also available from the GraphQL API.