Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,441
Maven
5,000+
npm
4,060
NuGet
723
pip
3,853
Pub
12
RubyGems
941
Rust
1,007
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,185 advisories

Loading
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device... Critical Unreviewed
CVE-2012-10040 was published Aug 11, 2025
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez... Critical Unreviewed
CVE-2012-10037 was published Aug 11, 2025
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2... Critical Unreviewed
CVE-2012-10039 was published Aug 11, 2025
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an... Critical Unreviewed
CVE-2012-10046 was published Aug 8, 2025
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as... Critical Unreviewed
CVE-2010-10013 was published Aug 8, 2025
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php... Critical Unreviewed
CVE-2012-10041 was published Aug 8, 2025
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on... Critical Unreviewed
CVE-2025-34151 was published Aug 7, 2025
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model... Critical Unreviewed
CVE-2025-34149 was published Aug 7, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34152 was published Aug 7, 2025
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02... Critical Unreviewed
CVE-2025-34150 was published Aug 7, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34148 was published Aug 7, 2025
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev... Critical Unreviewed
CVE-2013-10069 was published Aug 5, 2025
Narcissus is vulnerable to remote code execution via improper input handling in its image... Critical Unreviewed
CVE-2012-10033 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54987 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54948 was published Aug 5, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34147 was published Aug 4, 2025
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection... Critical Unreviewed
CVE-2025-51390 was published Aug 4, 2025
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP... Critical Unreviewed
CVE-2025-44961 was published Aug 4, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... Critical Unreviewed
CVE-2013-10060 was published Aug 1, 2025
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300... Critical Unreviewed
CVE-2013-10048 was published Aug 1, 2025
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically... Critical Unreviewed
CVE-2013-10049 was published Aug 1, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to... Critical Unreviewed
CVE-2014-125124 was published Jul 31, 2025
An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6,... Critical Unreviewed
CVE-2025-50475 was published Jul 31, 2025
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php... Critical Unreviewed
CVE-2013-10037 was published Jul 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database