GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,102 advisories
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-6559 was published Jun 26, 2025

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint...
Critical | Unreviewed | CVE-2025-34041 was published Jun 26, 2025

An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD...
High | Unreviewed | CVE-2025-36529 was published Jun 27, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected...
Moderate | Unreviewed | CVE-2025-6620 was published Jun 26, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical....
Moderate | Unreviewed | CVE-2025-6618 was published Jun 26, 2025

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This...
Moderate | Unreviewed | CVE-2025-6621 was published Jun 26, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical....
Moderate | Unreviewed | CVE-2025-6619 was published Jun 26, 2025

A command injection in the networking service of the MIB3 infotainment allows an attacker already...
High | Unreviewed | CVE-2023-28906 was published Jun 28, 2025

Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent...
High | Unreviewed | CVE-2024-30220 was published Apr 15, 2024

Conductor vulnerable to OS command injection through unrestricted access to Java classes
Critical | CVE-2025-26074 was published for org.conductoross:conductor-core (Maven) Jun 30, 2025

A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this...
Moderate | Unreviewed | CVE-2025-6897 was published Jun 30, 2025

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013...
Moderate | Unreviewed | CVE-2025-5447 was published Jun 2, 2025

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail)...
Critical | Unreviewed | CVE-2025-34073 was published Jul 2, 2025

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate...
Moderate | Unreviewed | CVE-2025-20308 was published Jul 2, 2025

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure...
Critical | Unreviewed | CVE-2025-34082 was published Jul 3, 2025

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell...
Moderate | Unreviewed | CVE-2025-47228 was published Jul 5, 2025

ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability,...
High | Unreviewed | CVE-2025-7145 was published Jul 7, 2025

An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this...
Critical | Unreviewed | CVE-2025-48501 was published Jul 7, 2025

A remote attacker with administrator account can gain full control of the device due to improper...
Critical | Unreviewed | CVE-2025-3626 was published Jul 7, 2025

A physical attacker with no privileges can gain full control of the affected device due to...
Moderate | Unreviewed | CVE-2025-3705 was published Jul 7, 2025

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that...
Moderate | Unreviewed | CVE-2025-20319 was published Jul 7, 2025

An unauthenticated local attacker can inject a command that is subsequently executed as root,...
High | Unreviewed | CVE-2025-25269 was published Jul 8, 2025

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a...
High | Unreviewed | CVE-2025-6770 was published Jul 8, 2025

ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog...
High | Unreviewed | CVE-2012-5863 was published May 17, 2022

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 ...
High | Unreviewed | CVE-2025-6771 was published Jul 8, 2025