GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,102 advisories

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013...
Moderate | Unreviewed | CVE-2025-5445 was published Jun 2, 2025

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2025-31104 was published Jun 10, 2025

An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands...
High | Unreviewed | CVE-2025-41663 was published Jun 11, 2025

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is...
High | Unreviewed | CVE-2024-6486 was published May 15, 2025

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated...
High | Unreviewed | CVE-2025-4230 was published Jun 13, 2025

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote...
Critical | Unreviewed | CVE-2022-45699 was published Feb 10, 2023

A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to...
Critical | Unreviewed | CVE-2024-33792 was published May 3, 2024

Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due...
High | Unreviewed | CVE-2025-39240 was published Jun 13, 2025

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the...
High | Unreviewed | CVE-2022-36509 was published Aug 26, 2022

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the...
High | Unreviewed | CVE-2022-36510 was published Aug 26, 2022

HaxCMS-PHP Command Injection Vulnerability
High | CVE-2025-49141 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025

An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices....
Critical | Unreviewed | CVE-2023-49235 was published Jan 9, 2024

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute...
Critical | Unreviewed | CVE-2023-51123 was published Jan 11, 2024

Authenticated user can execute arbitrary commands in the context of the root user by providing...
High | Unreviewed | CVE-2023-49254 was published Jan 12, 2024

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who...
Moderate | Unreviewed | CVE-2024-22366 was published Jan 24, 2024

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)...
Critical | Unreviewed | CVE-2023-52029 was published Jan 11, 2024

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)...
Critical | Unreviewed | CVE-2023-52028 was published Jan 11, 2024

Ackites KillWxapkg vulnerable to OS Command Injection
Low | CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input...
High | Unreviewed | CVE-2025-2172 was published Jun 23, 2025

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS...
Critical | Unreviewed | CVE-2025-43879 was published Jun 24, 2025

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS...
Critical | Unreviewed | CVE-2025-48890 was published Jun 24, 2025

WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special...
High | Unreviewed | CVE-2025-41427 was published Jun 24, 2025

Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command...
High | Unreviewed | CVE-2025-6562 was published Jun 26, 2025

iOS Simulator MCP Command Injection allowed via exec API
Moderate | CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of...
Critical | Unreviewed | CVE-2025-34039 was published Jun 26, 2025

ProTip! Advisories are also available from the GraphQL API.