Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,002 advisories

Loading
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable... High Unreviewed
CVE-2021-46850 was published Oct 24, 2022
goshs route not protected, allows command execution Critical
CVE-2025-46816 was published for github.com/patrickhener/goshs (Go) May 6, 2025
Guilhem7
Credited to Guilhem7
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-45488 was published May 6, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-45490 was published May 6, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-45487 was published May 6, 2025
An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5... Moderate Unreviewed
CVE-2025-26262 was published May 6, 2025
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the... Moderate Unreviewed
CVE-2025-45492 was published May 6, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-45489 was published May 6, 2025
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3... High Unreviewed
CVE-2024-22061 was published Apr 19, 2024
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` Low
CVE-2025-46735 was published for github.com/nrkno/terraform-provider-windns (Go) May 6, 2025
polo-sec sjurtf
Foxboron
Credited to polo-sec, sjurtf, and Foxboron
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-44877 was published May 2, 2025
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-44868 was published May 2, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... Moderate Unreviewed
CVE-2025-22476 was published May 6, 2025
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-44872 was published May 2, 2025
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on... Critical Unreviewed
CVE-2018-9866 was published May 13, 2022
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57234 was published May 5, 2025
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57235 was published May 5, 2025
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57233 was published May 5, 2025
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57231 was published May 5, 2025
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1... Moderate Unreviewed
CVE-2025-25504 was published May 5, 2025
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57229 was published May 5, 2025
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57230 was published May 5, 2025
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection... Moderate Unreviewed
CVE-2024-57232 was published May 5, 2025
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows... High Unreviewed
CVE-2020-10826 was published May 24, 2022
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function... Critical Unreviewed
CVE-2022-43109 was published Nov 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database