GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,100 advisories
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16....
Critical | Unreviewed | CVE-2022-4364 was published Dec 8, 2022
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and...
High | Unreviewed | CVE-2025-53868 was published Oct 15, 2025
When a user attempts to initialize the rSeries FIPS module using a password with special shell...
Moderate | Unreviewed | CVE-2025-60013 was published Oct 15, 2025
A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry)...
Moderate | Unreviewed | CVE-2024-10019 was published Mar 20, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical | Unreviewed | CVE-2025-11005 was published Sep 25, 2025
`git-commiters` Command Injection vulnerability
High | CVE-2025-59831 was published for git-commiters (npm) Sep 22, 2025
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-11900 was published Oct 17, 2025
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
High | CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from...
High | Unreviewed | CVE-2025-8078 was published Oct 21, 2025
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command...
Critical | Unreviewed | CVE-2018-25118 was published Oct 21, 2025
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2025-61045 was published Oct 1, 2025
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker...
Moderate | Unreviewed | CVE-2024-20399 was published Jul 1, 2024
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated...
Critical | Unreviewed | CVE-2017-6077 was published May 17, 2022
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware...
High | Unreviewed | CVE-2017-6884 was published May 17, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
High | Unreviewed | CVE-2017-3506 was published May 13, 2022
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection...
High | Unreviewed | CVE-2018-6961 was published May 13, 2022
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell...
Critical | Unreviewed | CVE-2018-14933 was published May 13, 2022
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host...
Critical | Unreviewed | CVE-2018-10562 was published May 13, 2022
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8...
Critical | Unreviewed | CVE-2018-11138 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325...
High | Unreviewed | CVE-2019-1652 was published May 13, 2022
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG...
Critical | Unreviewed | CVE-2019-3929 was published May 24, 2022
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by...
Critical | Unreviewed | CVE-2017-18368 was published May 24, 2022
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary...
Critical | Unreviewed | CVE-2018-14839 was published May 24, 2022
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows...
High | Unreviewed | CVE-2019-17621 was published May 24, 2022
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via...
High | Unreviewed | CVE-2020-12641 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.