GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
4,100 advisories

An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware...
Critical | Unreviewed | CVE-2025-34103 was published Jul 15, 2025

Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Critical | CVE-2025-53623 was published for job-iteration (RubyGems) Jul 14, 2025

The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-7451 was published Jul 14, 2025

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This...
Moderate | Unreviewed | CVE-2025-7553 was published Jul 14, 2025

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0...
High | Unreviewed | CVE-2013-3307 was published Jul 11, 2025

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2025-52988 was published Jul 11, 2025

phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function
Moderate | CVE-2025-52994 was published for james-heinrich/phpthumb (Composer) Jul 11, 2025

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version...
Moderate | Unreviewed | CVE-2025-52089 was published Jul 11, 2025

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'...
Critical | Unreviewed | CVE-2025-50121 was published Jul 11, 2025

An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically...
Critical | Unreviewed | CVE-2025-34095 was published Jul 10, 2025

An authenticated command injection vulnerability exists in the Polycom HDX Series command shell...
High | Unreviewed | CVE-2025-34093 was published Jul 10, 2025

mcp-remote exposed to OS command injection via untrusted MCP server connections
Critical | CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025

The device has two web servers that expose unauthenticated REST APIs on the management network ...
Critical | Unreviewed | CVE-2025-3499 was published Jul 9, 2025

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper...
High | Unreviewed | CVE-2025-49537 was published Jul 8, 2025

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 ...
High | Unreviewed | CVE-2025-6771 was published Jul 8, 2025

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a...
High | Unreviewed | CVE-2025-6770 was published Jul 8, 2025

An unauthenticated local attacker can inject a command that is subsequently executed as root,...
High | Unreviewed | CVE-2025-25269 was published Jul 8, 2025

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that...
Moderate | Unreviewed | CVE-2025-20319 was published Jul 7, 2025

A remote attacker with administrator account can gain full control of the device due to improper...
Critical | Unreviewed | CVE-2025-3626 was published Jul 7, 2025

A physical attacker with no privileges can gain full control of the affected device due to...
Moderate | Unreviewed | CVE-2025-3705 was published Jul 7, 2025

An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this...
Critical | Unreviewed | CVE-2025-48501 was published Jul 7, 2025

ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability,...
High | Unreviewed | CVE-2025-7145 was published Jul 7, 2025

A vulnerability, which was classified as critical, has been found in Comodo Internet Security...
High | Unreviewed | CVE-2025-7097 was published Jul 7, 2025

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell...
Moderate | Unreviewed | CVE-2025-47228 was published Jul 5, 2025

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and...
High | Unreviewed | CVE-2025-34088 was published Jul 3, 2025

ProTip! Advisories are also available from the GraphQL API.