GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,100 advisories
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via...
High | Unreviewed | CVE-2021-3621 was published Dec 24, 2021

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers...
Critical | Unreviewed | CVE-2023-28617 was published Mar 19, 2023

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows...
High | Unreviewed | CVE-2025-1244 was published Feb 12, 2025

A high privileged remote attacker can execute arbitrary system commands via POST requests in the...
High | Unreviewed | CVE-2025-41673 was published Jul 21, 2025

A high privileged remote attacker can execute arbitrary system commands via GET requests in the...
High | Unreviewed | CVE-2025-41675 was published Jul 21, 2025

A high privileged remote attacker can execute arbitrary system commands via POST requests in the...
High | Unreviewed | CVE-2025-41674 was published Jul 21, 2025

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain...
High | Unreviewed | CVE-2025-44960 was published Aug 4, 2025

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt...
Moderate | Unreviewed | CVE-2025-27804 was published May 21, 2025

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'...
Critical | Unreviewed | CVE-2025-50121 was published Jul 11, 2025

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP...
Critical | Unreviewed | CVE-2025-44961 was published Aug 4, 2025

motionEye vulnerable to RCE via unsanitized motion config parameter
High | CVE-2025-60787 was published for motioneye (pip) Nov 3, 2025

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote...
High | Unreviewed | CVE-2020-4428 was published May 24, 2022

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
Critical | Unreviewed | CVE-2022-2068 was published Jun 22, 2022

Three OS command injection vulnerabilities exist in the web interface I/O configuration...
High | Unreviewed | CVE-2024-28027 was published Aug 26, 2025

Three OS command injection vulnerabilities exist in the web interface I/O configuration...
High | Unreviewed | CVE-2024-28025 was published Aug 26, 2025

Three OS command injection vulnerabilities exist in the web interface I/O configuration...
High | Unreviewed | CVE-2024-28026 was published Aug 26, 2025

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library ...
High | Unreviewed | CVE-2024-11003 was published Nov 19, 2024

An unauthenticated attacker with network access to the affected device's web interface can...
High | Unreviewed | CVE-2024-28138 was published Dec 10, 2024

GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical | CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of...
High | Unreviewed | CVE-2024-32937 was published Jul 3, 2024

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek...
High | Unreviewed | CVE-2023-50382 was published Jul 8, 2024

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek...
High | Unreviewed | CVE-2023-50381 was published Jul 8, 2024

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are...
High | Unreviewed | CVE-2024-33896 was published Aug 2, 2024

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell...
High | Unreviewed | CVE-2024-8504 was published Sep 10, 2024