Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,334
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,159 advisories

Loading
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 -... High Unreviewed
CVE-2025-60738 was published Nov 20, 2025
D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution... High Unreviewed
CVE-2025-63932 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are... High Unreviewed
CVE-2025-34334 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34335 was published Nov 19, 2025
A command injection vulnerability has been identified in the command line interface of the HPE... High Unreviewed
CVE-2025-37163 was published Nov 18, 2025
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation... Moderate Unreviewed
CVE-2025-37157 was published Nov 18, 2025
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation... Moderate Unreviewed
CVE-2025-37158 was published Nov 18, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... High Unreviewed
CVE-2025-58034 was published Nov 18, 2025
Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an... Moderate Unreviewed
CVE-2025-63408 was published Nov 18, 2025
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0... High Unreviewed
CVE-2025-8693 was published Nov 18, 2025
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Moderate Unreviewed
CVE-2025-55055 was published Nov 17, 2025
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection... High Unreviewed
CVE-2025-34322 was published Nov 17, 2025
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF... Moderate Unreviewed
CVE-2025-63916 was published Nov 17, 2025
glob CLI: Command injection via -c/--cmd executes matches with shell:true High
CVE-2025-64756 was published for glob (npm) Nov 17, 2025
Gyde04 aisle-research
G-Rath bchew qwilr-altonius llwslc EinfachHans skremiec AlanGreene isaacs
Credited to Gyde04, aisle-research, G-Rath, bchew, qwilr-altonius, llwslc, EinfachHans, skremiec, AlanGreene, and isaacs
ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-13284 was published Nov 17, 2025
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution... High Unreviewed
CVE-2021-4466 was published Nov 15, 2025
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd... Critical Unreviewed
CVE-2021-4470 was published Nov 15, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... High Unreviewed
CVE-2025-64444 was published Nov 14, 2025
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote... Moderate Unreviewed
CVE-2025-20349 was published Nov 13, 2025
pgAdmin 4 has command injection vulnerability on Windows systems Moderate
CVE-2025-12763 was published for pgadmin4 (pip) Nov 13, 2025
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker... Moderate Unreviewed
CVE-2025-42892 was published Nov 11, 2025
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration... Critical Unreviewed
CVE-2025-10230 was published Nov 7, 2025
Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from... Critical Unreviewed
CVE-2025-11546 was published Nov 7, 2025
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2025-12489 was published Nov 6, 2025
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in... High Unreviewed
CVE-2025-34239 was published Nov 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database