Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,105 advisories

Loading
Improper neutralization of special elements used in an OS command ('OS Command Injection')... High Unreviewed
CVE-2024-53286 was published Jul 23, 2025
A command injection vulnerability exists that can be exploited after authentication in VIGI... High Unreviewed
CVE-2025-7723 was published Jul 22, 2025
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI... Critical Unreviewed
CVE-2025-7724 was published Jul 22, 2025
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS... High Unreviewed
CVE-2025-53472 was published Jul 22, 2025
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal... Critical Unreviewed
CVE-2025-36846 was published Jul 21, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139... High Unreviewed
CVE-2025-46117 was published Jul 21, 2025
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21... High Unreviewed
CVE-2025-7382 was published Jul 21, 2025
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos... Critical Unreviewed
CVE-2025-6704 was published Jul 21, 2025
A vulnerability, which was classified as critical, has been found in Comodo Internet Security... High Unreviewed
CVE-2025-7097 was published Jul 7, 2025
A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This... Moderate Unreviewed
CVE-2025-7553 was published Jul 14, 2025
An unauthenticated command injection vulnerability exists in the cookie handling process of the... Critical Unreviewed
CVE-2025-34125 was published Jul 17, 2025
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with... Critical Unreviewed
CVE-2025-34117 was published Jul 16, 2025
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44.... Moderate Unreviewed
CVE-2025-1819 was published Mar 2, 2025
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated... Moderate Unreviewed
CVE-2025-52379 was published Jul 15, 2025
GitHub Kanban MCP Server vulnerable to Command Injection High
CVE-2025-53818 was published for @sunwood-ai-labs/github-kanban-mcp-server (npm) Jul 15, 2025
lirantal
Credited to lirantal
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware... Critical Unreviewed
CVE-2025-34103 was published Jul 15, 2025
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral... Critical Unreviewed
CVE-2025-34112 was published Jul 15, 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version... Moderate Unreviewed
CVE-2025-52089 was published Jul 11, 2025
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-7451 was published Jul 14, 2025
phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function Moderate
CVE-2025-52994 was published for james-heinrich/phpthumb (Composer) Jul 11, 2025
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0... High Unreviewed
CVE-2013-3307 was published Jul 11, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... High Unreviewed
CVE-2025-52988 was published Jul 11, 2025
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell... High Unreviewed
CVE-2025-34093 was published Jul 10, 2025
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically... Critical Unreviewed
CVE-2025-34095 was published Jul 10, 2025
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and... Critical Unreviewed
CVE-2025-34035 was published Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database