GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,100 advisories
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When...
Severity: Critical (Unreviewed). CVE-2025-34087 was published Jul 3, 2025.

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure...
Severity: Critical (Unreviewed). CVE-2025-34082 was published Jul 3, 2025.

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate...
Severity: Moderate (Unreviewed). CVE-2025-20308 was published Jul 2, 2025.

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail)...
Severity: Critical (Unreviewed). CVE-2025-34073 was published Jul 2, 2025.

Conductor vulnerable to OS command injection through unrestricted access to Java classes
Severity: Critical. CVE-2025-26074 was published for org.conductoross:conductor-core (Maven) Jun 30, 2025.

A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this...
Severity: Moderate (Unreviewed). CVE-2025-6897 was published Jun 30, 2025.

A command injection in the networking service of the MIB3 infotainment allows an attacker already...
Severity: High (Unreviewed). CVE-2023-28906 was published Jun 28, 2025.

An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD...
Severity: High (Unreviewed). CVE-2025-36529 was published Jun 27, 2025.

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical....
Severity: Moderate (Unreviewed). CVE-2025-6618 was published Jun 26, 2025.

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical....
Severity: Moderate (Unreviewed). CVE-2025-6619 was published Jun 26, 2025.

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of...
Severity: Critical (Unreviewed). CVE-2025-34039 was published Jun 26, 2025.

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing...
Severity: Critical (Unreviewed). CVE-2025-6559 was published Jun 26, 2025.

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint...
Severity: Critical (Unreviewed). CVE-2025-34041 was published Jun 26, 2025.

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and...
Severity: Critical (Unreviewed). CVE-2025-34035 was published Jun 26, 2025.

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting...
Severity: Critical (Unreviewed). CVE-2025-34036 was published Jun 26, 2025.

An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded...
Severity: High (Unreviewed). CVE-2025-34033 was published Jun 26, 2025.

iOS Simulator MCP Command Injection allowed via exec API
Severity: Moderate. CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025.

Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command...
Severity: High (Unreviewed). CVE-2025-6562 was published Jun 26, 2025.

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected...
Severity: Moderate (Unreviewed). CVE-2025-6620 was published Jun 26, 2025.

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This...
Severity: Moderate (Unreviewed). CVE-2025-6621 was published Jun 26, 2025.

A user with specific node group editing permissions and a specially crafted class parameter could...
Severity: High (Unreviewed). CVE-2025-5459 was published Jun 26, 2025.

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS...
Severity: Critical (Unreviewed). CVE-2025-48890 was published Jun 24, 2025.

WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special...
Severity: High (Unreviewed). CVE-2025-41427 was published Jun 24, 2025.

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS...
Severity: Critical (Unreviewed). CVE-2025-43879 was published Jun 24, 2025.

Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet...
Severity: High (Unreviewed). CVE-2025-23049 was published Jun 23, 2025.