Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,102 advisories

Loading
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and... Critical Unreviewed
CVE-2015-10141 was published Jul 23, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected... High Unreviewed
CVE-2025-41684 was published Jul 23, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected... High Unreviewed
CVE-2025-41683 was published Jul 23, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection')... High Unreviewed
CVE-2024-53286 was published Jul 23, 2025
Withdrawn Advisory: bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025 withdrawn
lirantal
Credited to lirantal
A potential command injection vulnerability has been identified in the Poly Clariti Manager for... Moderate Unreviewed
CVE-2025-43020 was published Jul 23, 2025
A command injection vulnerability exists that can be exploited after authentication in VIGI... High Unreviewed
CVE-2025-7723 was published Jul 22, 2025
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI... Critical Unreviewed
CVE-2025-7724 was published Jul 22, 2025
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The... Critical Unreviewed
CVE-2025-34143 was published Jul 22, 2025
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS... High Unreviewed
CVE-2025-53472 was published Jul 22, 2025
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal... Critical Unreviewed
CVE-2025-36846 was published Jul 21, 2025
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21... High Unreviewed
CVE-2025-7382 was published Jul 21, 2025
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos... Critical Unreviewed
CVE-2025-6704 was published Jul 21, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139... High Unreviewed
CVE-2025-46117 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via POST requests in the... High Unreviewed
CVE-2025-41674 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via GET requests in the... High Unreviewed
CVE-2025-41675 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via POST requests in the... High Unreviewed
CVE-2025-41673 was published Jul 21, 2025
The web application allows user input to pass unfiltered to a command executed on the underlying... Critical Unreviewed
CVE-2025-24936 was published Jul 21, 2025
The web application allows user input to pass unfiltered to a command executed on the underlying... High Unreviewed
CVE-2025-24938 was published Jul 21, 2025
Withdrawn Advisory: Thor can construct an unsafe shell command from library input. High
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025 withdrawn
odaysec
Credited to odaysec
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical.... Moderate Unreviewed
CVE-2025-7788 was published Jul 18, 2025
An unauthenticated command injection vulnerability exists in the cookie handling process of the... Critical Unreviewed
CVE-2025-34125 was published Jul 17, 2025
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with... Critical Unreviewed
CVE-2025-34117 was published Jul 16, 2025
GitHub Kanban MCP Server vulnerable to Command Injection High
CVE-2025-53818 was published for @sunwood-ai-labs/github-kanban-mcp-server (npm) Jul 15, 2025
lirantal
Credited to lirantal
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral... Critical Unreviewed
CVE-2025-34112 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database