Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,100 advisories

Loading
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based... Moderate Unreviewed
CVE-2025-3729 was published Apr 16, 2025
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query High
CVE-2024-53305 was published for whoogle-search (pip) Apr 16, 2025
The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command... Critical Unreviewed
CVE-2025-28137 was published Apr 15, 2025
A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an... Moderate Unreviewed
CVE-2025-0119 was published Apr 11, 2025
OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65... High Unreviewed
CVE-2025-32107 was published Apr 11, 2025
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated... High Unreviewed
CVE-2025-0127 was published Apr 11, 2025
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC... High Unreviewed
CVE-2025-25053 was published Apr 9, 2025
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac... Critical Unreviewed
CVE-2025-27797 was published Apr 9, 2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper... High Unreviewed
CVE-2025-30286 was published Apr 8, 2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper... High Unreviewed
CVE-2025-30289 was published Apr 8, 2025
A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated... Moderate Unreviewed
CVE-2025-27078 was published Apr 8, 2025
A vulnerability in the file creation process on the command line interface of AOS-8 Instant and... Moderate Unreviewed
CVE-2025-27079 was published Apr 8, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... High Unreviewed
CVE-2024-54024 was published Apr 8, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Moderate Unreviewed
CVE-2024-54025 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41790 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41788 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41789 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3363 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3362 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3361 was published Apr 8, 2025
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6... Critical Unreviewed
CVE-2021-47667 was published Apr 5, 2025
Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an... Moderate Unreviewed
CVE-2025-3189 was published Apr 4, 2025
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" High
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025
dlqqq rpwagner
krassowski
Credited to dlqqq, rpwagner, and krassowski
Netwrix Password Secure 9.2.0.32454 allows OS command injection. Critical Unreviewed
CVE-2025-26817 was published Apr 3, 2025
A remote attacker with web administrator privileges can exploit the device’s web interface to... Critical Unreviewed
CVE-2025-0415 was published Apr 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database