Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,101 advisories

Loading
An OS command injection vulnerability has been reported to affect several product versions. If... High Unreviewed
CVE-2024-48861 was published Nov 22, 2024
A command injection vulnerability has been reported to affect QHora. If exploited, the... High Unreviewed
CVE-2024-50390 was published Mar 7, 2025
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT... Critical Unreviewed
CVE-2025-56819 was published Sep 24, 2025
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file... Critical Unreviewed
CVE-2025-34187 was published Sep 16, 2025
Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of... Moderate Unreviewed
CVE-2025-43943 was published Sep 25, 2025
mcp-kubernetes-server has an OS Command Injection vulnerability Critical
CVE-2025-59377 was published for mcp-kubernetes-server (pip) Sep 15, 2025
cai0duque
Credited to cai0duque
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A... Critical Unreviewed
CVE-2024-12847 was published Jan 10, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
cai0duque
Credited to cai0duque
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the... High Unreviewed
CVE-2025-60017 was published Sep 26, 2025
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2... High Unreviewed
CVE-2025-35027 was published Sep 26, 2025
Command Injection in adb-mcp MCP Server Critical
CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025
lirantal
Credited to lirantal
Argument injection vulnerability in SonarQube Scan Action High
CVE-2025-59844 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 26, 2025
An OS command injection vulnerability in user interface in Western Digital My Cloud firmware... Critical Unreviewed
CVE-2025-30247 was published Sep 29, 2025
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to... High Unreviewed
CVE-2025-36245 was published Sep 30, 2025
The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-9762 was published Sep 30, 2025
The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to... Critical Unreviewed
CVE-2025-10659 was published Sep 30, 2025
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible... Critical Unreviewed
CVE-2024-1297 was published Feb 20, 2024
Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet... High Unreviewed
CVE-2025-23049 was published Jun 23, 2025
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When... Critical Unreviewed
CVE-2025-34087 was published Jul 3, 2025
A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability... Moderate Unreviewed
CVE-2025-3816 was published Apr 19, 2025
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function... Moderate Unreviewed
CVE-2025-9727 was published Oct 1, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... High Unreviewed
CVE-2024-52058 was published Dec 13, 2024
A potential command injection vulnerability has been identified in the Poly Clariti Manager for... Moderate Unreviewed
CVE-2025-43020 was published Jul 23, 2025
Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can... High Unreviewed
CVE-2025-27262 was published Sep 25, 2025
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an... Moderate Unreviewed
CVE-2025-10326 was published Sep 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database