GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,100 advisories
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution...
Critical | Unreviewed | CVE-2020-36856 was published Oct 31, 2025

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF...
High | Unreviewed | CVE-2020-36867 was published Oct 31, 2025

Jenkins Azure CLI Plugin does not restrict the commands it executes
High | CVE-2025-64140 was published for org.jenkins-ci.plugins:azure-cli (Maven) Oct 29, 2025

Apache Airflow has a command injection vulnerability in "example_dag_decorator"
Moderate | CVE-2025-54941 was published for apache-airflow (pip) Oct 30, 2025

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2025-63334 was published Nov 5, 2025

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted...
Critical | Unreviewed | CVE-2025-61304 was published Nov 5, 2025

Magento OS Command ('OS Command Injection') vulnerability
High | CVE-2024-39401 was published for magento/community-edition (Composer) Aug 14, 2024

Magento OS Command ('OS Command Injection') vulnerability
High | CVE-2024-39402 was published for magento/community-edition (Composer) Aug 14, 2024

Magento XML Injection vulnerability in the Widgets Update Layout
Critical | CVE-2021-36023 was published for magento/community-edition (Composer) Sep 6, 2023

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto...
High | Unreviewed | CVE-2013-10073 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its...
Critical | Unreviewed | CVE-2024-14003 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker...
Critical | Unreviewed | CVE-2024-14005 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the...
Critical | Unreviewed | CVE-2024-14008 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the...
Critical | Unreviewed | CVE-2025-34134 was published Oct 31, 2025

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin....
Critical | Unreviewed | CVE-2025-34284 was published Oct 31, 2025

Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core...
Critical | Unreviewed | CVE-2025-34286 was published Oct 31, 2025

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP...
High | Unreviewed | CVE-2025-34280 was published Oct 31, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in...
High | Unreviewed | CVE-2025-34239 was published Nov 6, 2025

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This...
High | Unreviewed | CVE-2025-12489 was published Nov 6, 2025

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command...
Critical | Unreviewed | CVE-2022-50596 was published Nov 6, 2025

@react-native-community/cli has arbitrary OS command injection
Critical | CVE-2025-11953 was published for @react-native-community/cli (npm) Nov 3, 2025

Magento XML Injection vulnerability in the Widgets Update Layout
High | CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from...
Critical | Unreviewed | CVE-2025-11546 was published Nov 7, 2025

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration...
Critical | Unreviewed | CVE-2025-10230 was published Nov 7, 2025

Magento is affected by an os command injection via the Data collection endpoint
High | CVE-2021-36024 was published for magento/community-edition (Composer) May 24, 2022