GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,101 advisories

Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Severity: High. CVE-2025-55284 was published for @anthropic-ai/claude-code (npm) on Aug 18, 2025.

Flowise OS command remote code execution
Severity: Critical. CVE-2025-8943 was published for flowise (npm) on Aug 14, 2025.

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection...
Severity: Moderate (Unreviewed). CVE-2025-55589 was published on Aug 18, 2025.

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in...
Severity: Critical (Unreviewed). CVE-2010-20059 was published on Aug 20, 2025.

The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could...
Severity: High (Unreviewed). CVE-2025-6181 was published on Aug 20, 2025.

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could...
Severity: High (Unreviewed). CVE-2025-6183 was published on Aug 20, 2025.

Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Severity: Critical. CVE-2025-53623 was published for job-iteration (RubyGems) on Jul 14, 2025.

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this...
Severity: Moderate (Unreviewed). CVE-2024-6184 was published on Jun 20, 2024.

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects...
Severity: Moderate (Unreviewed). CVE-2024-6186 was published on Jun 20, 2024.

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This...
Severity: Moderate (Unreviewed). CVE-2024-6187 was published on Jun 20, 2024.

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506...
Severity: Moderate (Unreviewed). CVE-2024-4815 was published on May 14, 2024.

A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by...
Severity: Moderate (Unreviewed). CVE-2024-4814 was published on May 14, 2024.

A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected...
Severity: Moderate (Unreviewed). CVE-2024-4813 was published on May 14, 2024.

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506....
Severity: Moderate (Unreviewed). CVE-2024-4816 was published on May 14, 2024.

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS...
Severity: Critical (Unreviewed). CVE-2025-3128 was published on Aug 21, 2025.

A high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Severity: Critical (Unreviewed). CVE-2024-28751 was published on Jul 9, 2024.

An improper input validation vulnerability was discovered in the NTP server configuration field...
Severity: High (Unreviewed). CVE-2025-22495 was published on Feb 24, 2025.

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager...
Severity: Moderate (Unreviewed). CVE-2025-20294 was published on Aug 27, 2025.

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker...
Severity: Moderate (Unreviewed). CVE-2025-20292 was published on Aug 27, 2025.

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local...
Severity: Moderate (Unreviewed). CVE-2025-20295 was published on Aug 27, 2025.

The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly...
Severity: Moderate (Unreviewed). CVE-2025-50974 was published on Aug 26, 2025.

LLama Factory Remote OS Command Injection Vulnerability
Severity: High. CVE-2024-52803 was published for llamafactory (pip) on Nov 21, 2024.

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated...
Severity: Critical (Unreviewed). CVE-2024-13985 was published on Aug 28, 2025.

AnyShare contains a critical unauthenticated remote code execution vulnerability in the...
Severity: Critical (Unreviewed). CVE-2025-34160 was published on Aug 28, 2025.

D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command...
Severity: Critical (Unreviewed). CVE-2025-55583 was published on Aug 28, 2025.