GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,526
Composer 4,831
Erlang 36
GitHub Actions 33
Go 2,451
Maven 5,852
npm 4,073
NuGet 723
pip 3,868
Pub 12
RubyGems 943
Rust 1,010
Swift 39

Unreviewed advisories

All unreviewed 266,356

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,191 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Netwrix Password Secure 9.2.0.32454 allows OS command injection. Critical Unreviewed

CVE-2025-26817 was published Apr 3, 2025

A remote attacker with web administrator privileges can exploit the device’s web interface to... Critical Unreviewed

CVE-2025-0415 was published Apr 2, 2025

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler... Critical Unreviewed

CVE-2025-30004 was published Mar 31, 2025

Os command injection vulnerability in e-solutions e-management. This vulnerability allows an... Critical Unreviewed

CVE-2025-3022 was published Mar 31, 2025

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick... Critical Unreviewed

CVE-2025-2071 was published Mar 31, 2025

TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Critical Unreviewed

CVE-2025-25579 was published Mar 29, 2025

An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2025-28256 was published Mar 28, 2025

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which... Critical Unreviewed

CVE-2025-28219 was published Mar 28, 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements... Critical Unreviewed

CVE-2025-24383 was published Mar 28, 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements... Critical Unreviewed

CVE-2025-22398 was published Mar 28, 2025

TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the... Critical Unreviewed

CVE-2025-28138 was published Mar 27, 2025

Duplicate Advisory: D-Tale Command Injection vulnerability Critical

CVE-2025-0655 was published for dtale (pip) Mar 20, 2025 • withdrawn

vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints Critical

CVE-2024-9053 was published for vllm (pip) Mar 20, 2025

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted... Critical Unreviewed

CVE-2025-1316 was published Mar 5, 2025

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE)... Critical Unreviewed

CVE-2025-27364 was published Feb 24, 2025

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an... Critical Unreviewed

CVE-2025-1265 was published Feb 20, 2025

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed

CVE-2021-46686 was published Feb 18, 2025

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote... Critical Unreviewed

CVE-2025-25067 was published Feb 14, 2025

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote... Critical Unreviewed

CVE-2024-47908 was published Feb 11, 2025

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker... Critical Unreviewed

CVE-2024-51450 was published Feb 6, 2025

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone... Critical Unreviewed

CVE-2024-53584 was published Jan 31, 2025

Affected products contain a vulnerability in the device cloud rpc command handling process that... Critical Unreviewed

CVE-2025-0680 was published Jan 30, 2025

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version... Critical Unreviewed

CVE-2025-20014 was published Jan 29, 2025

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email... Critical Unreviewed

CVE-2025-20061 was published Jan 29, 2025

A Remote Code Execution Vulnerability exists in the product and version listed above. The... Critical Unreviewed

CVE-2025-24480 was published Jan 28, 2025

Previous 1 2 3 4 5 6 7 … 47 48 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,191 advisories