Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,102 advisories

Loading
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper... High Unreviewed
CVE-2025-49537 was published Jul 8, 2025
The device has two web servers that expose unauthenticated REST APIs on the management network ... Critical Unreviewed
CVE-2025-3499 was published Jul 9, 2025
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting... Critical Unreviewed
CVE-2025-34036 was published Jun 26, 2025
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and... Critical Unreviewed
CVE-2025-34035 was published Jun 26, 2025
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded... High Unreviewed
CVE-2025-34033 was published Jun 26, 2025
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell... High Unreviewed
CVE-2025-34093 was published Jul 10, 2025
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically... Critical Unreviewed
CVE-2025-34095 was published Jul 10, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... High Unreviewed
CVE-2025-52988 was published Jul 11, 2025
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0... High Unreviewed
CVE-2013-3307 was published Jul 11, 2025
phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function Moderate
CVE-2025-52994 was published for james-heinrich/phpthumb (Composer) Jul 11, 2025
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-7451 was published Jul 14, 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version... Moderate Unreviewed
CVE-2025-52089 was published Jul 11, 2025
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware... Critical Unreviewed
CVE-2025-34103 was published Jul 15, 2025
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral... Critical Unreviewed
CVE-2025-34112 was published Jul 15, 2025
GitHub Kanban MCP Server vulnerable to Command Injection High
CVE-2025-53818 was published for @sunwood-ai-labs/github-kanban-mcp-server (npm) Jul 15, 2025
lirantal
Credited to lirantal
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated... Moderate Unreviewed
CVE-2025-52379 was published Jul 15, 2025
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44.... Moderate Unreviewed
CVE-2025-1819 was published Mar 2, 2025
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with... Critical Unreviewed
CVE-2025-34117 was published Jul 16, 2025
An unauthenticated command injection vulnerability exists in the cookie handling process of the... Critical Unreviewed
CVE-2025-34125 was published Jul 17, 2025
A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This... Moderate Unreviewed
CVE-2025-7553 was published Jul 14, 2025
A vulnerability, which was classified as critical, has been found in Comodo Internet Security... High Unreviewed
CVE-2025-7097 was published Jul 7, 2025
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21... High Unreviewed
CVE-2025-7382 was published Jul 21, 2025
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos... Critical Unreviewed
CVE-2025-6704 was published Jul 21, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139... High Unreviewed
CVE-2025-46117 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database