Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,101 advisories

Loading
Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If... Moderate Unreviewed
CVE-2025-54958 was published Aug 8, 2025
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as... Critical Unreviewed
CVE-2010-10013 was published Aug 8, 2025
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an... Critical Unreviewed
CVE-2012-10046 was published Aug 8, 2025
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php... Critical Unreviewed
CVE-2012-10041 was published Aug 8, 2025
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2... Critical Unreviewed
CVE-2012-10039 was published Aug 11, 2025
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez... Critical Unreviewed
CVE-2012-10037 was published Aug 11, 2025
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device... Critical Unreviewed
CVE-2012-10040 was published Aug 11, 2025
Withdrawn Advisory: bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025 withdrawn
lirantal
Credited to lirantal
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-38120 was published May 3, 2024
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-39471 was published May 3, 2024
A improper neutralization of special elements used in an os command ('os command injection')... Moderate Unreviewed
CVE-2025-47857 was published Aug 12, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Moderate Unreviewed
CVE-2025-27759 was published Aug 12, 2025
An improper neutralization of special elements used in an OS Command ("OS Command Injection")... High Unreviewed
CVE-2025-49813 was published Aug 12, 2025
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.... Critical Unreviewed
CVE-2022-1292 was published May 4, 2022
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute... High Unreviewed
CVE-2025-23294 was published Aug 13, 2025
Withdrawn Advisory: Thor can construct an unsafe shell command from library input. High
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025 withdrawn
odaysec
Credited to odaysec
The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731... Moderate Unreviewed
CVE-2025-43989 was published Aug 13, 2025
Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php... Critical Unreviewed
CVE-2011-10017 was published Aug 13, 2025
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection... Critical Unreviewed
CVE-2012-10059 was published Aug 13, 2025
OliveTin OS Command Injection vulnerability High
CVE-2025-50946 was published for github.com/OliveTin/OliveTin (Go) Aug 13, 2025
A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco... Moderate Unreviewed
CVE-2025-20220 was published Aug 14, 2025
An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software... Critical Unreviewed
CVE-2025-43984 was published Aug 14, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Critical Unreviewed
CVE-2025-25256 was published Aug 12, 2025
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used... Moderate Unreviewed
CVE-2021-30187 was published May 24, 2022
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-42128 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database