Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,101 advisories

Loading
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-9579 was published Aug 28, 2025
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical.... Moderate Unreviewed
CVE-2025-7788 was published Jul 18, 2025
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-10265 was published Sep 12, 2025
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an... High Unreviewed
CVE-2025-27234 was published Sep 12, 2025
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules)... High Unreviewed
CVE-2025-54084 was published Sep 9, 2025
A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of... Moderate Unreviewed
CVE-2025-9176 was published Aug 20, 2025
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is... Moderate Unreviewed
CVE-2025-9424 was published Aug 26, 2025
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file ... Moderate Unreviewed
CVE-2025-9387 was published Aug 24, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
wong2 mcp-cli Command Injection Vulnerability Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Credited to assaf-levkovich-jf
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59361 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59359 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59360 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the... Moderate Unreviewed
CVE-2025-9174 was published Aug 20, 2025
System command injection through Netflow function due to improper input validation, allowing... Critical Unreviewed
CVE-2024-35304 was published Jun 10, 2024
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by... High Unreviewed
CVE-2024-35306 was published Jun 10, 2024
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and... High Unreviewed
CVE-2025-34088 was published Jul 3, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... High Unreviewed
CVE-2025-58116 was published Sep 17, 2025
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection... High Unreviewed
CVE-2025-10589 was published Sep 17, 2025
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can... High Unreviewed
CVE-2025-59518 was published Sep 17, 2025
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection... Critical Unreviewed
CVE-2025-9972 was published Sep 17, 2025
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line... High Unreviewed
CVE-2025-37126 was published Sep 17, 2025
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an... Moderate Unreviewed
CVE-2025-37129 was published Sep 17, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python... Critical Unreviewed
CVE-2025-23316 was published Sep 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database