GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,167 advisories
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the...
Critical, Unreviewed. CVE-2013-10060 was published Aug 1, 2025

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically...
Critical, Unreviewed. CVE-2013-10049 was published Aug 1, 2025

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300...
Critical, Unreviewed. CVE-2013-10048 was published Aug 1, 2025

@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical. CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to...
Critical, Unreviewed. CVE-2014-125124 was published Jul 31, 2025

An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6,...
Critical, Unreviewed. CVE-2025-50475 was published Jul 31, 2025

An OS command injection vulnerability exists in WebTester version 5.x via the install2.php...
Critical, Unreviewed. CVE-2013-10037 was published Jul 31, 2025

CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical. CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025

OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to...
Critical, Unreviewed. CVE-2025-53695 was published Jul 28, 2025

A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The...
Critical, Unreviewed. CVE-2014-125118 was published Jul 25, 2025

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used...
Critical, Unreviewed. CVE-2025-5243 was published Jul 25, 2025

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions...
Critical, Unreviewed. CVE-2019-25224 was published Jul 25, 2025

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code...
Critical, Unreviewed. CVE-2022-4978 was published Jul 23, 2025

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and...
Critical, Unreviewed. CVE-2015-10141 was published Jul 23, 2025

An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI...
Critical, Unreviewed. CVE-2025-7724 was published Jul 22, 2025

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The...
Critical, Unreviewed. CVE-2025-34143 was published Jul 22, 2025

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal...
Critical, Unreviewed. CVE-2025-36846 was published Jul 21, 2025

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos...
Critical, Unreviewed. CVE-2025-6704 was published Jul 21, 2025

The web application allows user input to pass unfiltered to a command executed on the underlying...
Critical, Unreviewed. CVE-2025-24936 was published Jul 21, 2025

An unauthenticated command injection vulnerability exists in the cookie handling process of the...
Critical, Unreviewed. CVE-2025-34125 was published Jul 17, 2025

A remote code execution vulnerability exists in multiple Netcore and Netis routers models with...
Critical, Unreviewed. CVE-2025-34117 was published Jul 16, 2025

An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral...
Critical, Unreviewed. CVE-2025-34112 was published Jul 15, 2025

An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware...
Critical, Unreviewed. CVE-2025-34103 was published Jul 15, 2025

The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing...
Critical, Unreviewed. CVE-2025-7451 was published Jul 14, 2025

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'...
Critical, Unreviewed. CVE-2025-50121 was published Jul 11, 2025
ProTip! Advisories are also available from the GraphQL API.