GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,101 advisories

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal...
Critical | Unreviewed | CVE-2025-36846 was published Jul 21, 2025

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS...
High | Unreviewed | CVE-2025-53472 was published Jul 22, 2025

A command injection vulnerability exists that can be exploited after authentication in VIGI...
High | Unreviewed | CVE-2025-7723 was published Jul 22, 2025

An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI...
Critical | Unreviewed | CVE-2025-7724 was published Jul 22, 2025

Improper neutralization of special elements used in an OS command ('OS Command Injection')...
High | Unreviewed | CVE-2024-53286 was published Jul 23, 2025

An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High | Unreviewed | CVE-2025-41683 was published Jul 23, 2025

An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High | Unreviewed | CVE-2025-41684 was published Jul 23, 2025

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated,...
High | Unreviewed | CVE-2021-1264 was published May 24, 2022

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code...
Critical | Unreviewed | CVE-2022-4978 was published Jul 23, 2025

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and...
Critical | Unreviewed | CVE-2015-10141 was published Jul 23, 2025

The web application allows user input to pass unfiltered to a command executed on the underlying...
Critical | Unreviewed | CVE-2025-24936 was published Jul 21, 2025

The web application allows user input to pass unfiltered to a command executed on the underlying...
High | Unreviewed | CVE-2025-24938 was published Jul 21, 2025

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions...
Critical | Unreviewed | CVE-2019-25224 was published Jul 25, 2025

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used...
Critical | Unreviewed | CVE-2025-5243 was published Jul 25, 2025

A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The...
Critical | Unreviewed | CVE-2014-125118 was published Jul 25, 2025

Calibre Web and Autocaliweb have OS Command Injection vulnerability
Moderate | CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025

OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to...
Critical | Unreviewed | CVE-2025-53695 was published Jul 28, 2025

Duplicate Advisory: gix-transport code execution vulnerability
Moderate | GHSA-5c5j-jmhx-q2gr was published for gix-transport (Rust) Jul 28, 2025 • withdrawn

gix-transport code execution vulnerability
Moderate | CVE-2023-53158 was published for gix-transport (Rust) Sep 25, 2023

CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical | CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025

An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender...
High | Unreviewed | CVE-2025-29534 was published Jul 28, 2025

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS...
High | Unreviewed | CVE-2024-8755 was published Oct 11, 2024

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in...
High | Unreviewed | CVE-2013-10039 was published Jul 31, 2025

An OS command injection vulnerability exists in WebTester version 5.x via the install2.php...
Critical | Unreviewed | CVE-2013-10037 was published Jul 31, 2025

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to...
Critical | Unreviewed | CVE-2014-125124 was published Jul 31, 2025

ProTip! Advisories are also available from the GraphQL API.