Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,849
Pub
12
RubyGems
941
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,182 advisories

Loading
MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A... High Unreviewed
CVE-2025-8748 was published Aug 8, 2025
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-8654 was published Aug 6, 2025
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated... High Unreviewed
CVE-2025-43979 was published Aug 5, 2025
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative... High Unreviewed
CVE-2012-10028 was published Aug 5, 2025
Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command... High Unreviewed
CVE-2012-10029 was published Aug 5, 2025
Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection.... High Unreviewed
CVE-2025-43978 was published Aug 5, 2025
Thor can construct an unsafe shell command from library input. High
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025
odaysec
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain... High Unreviewed
CVE-2025-44960 was published Aug 4, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... High Unreviewed
CVE-2025-30099 was published Aug 4, 2025
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements... High Unreviewed
CVE-2025-36604 was published Aug 4, 2025
Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its... High Unreviewed
CVE-2025-36606 was published Aug 4, 2025
Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its... High Unreviewed
CVE-2025-36607 was published Aug 4, 2025
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev... High Unreviewed
CVE-2013-10050 was published Aug 1, 2025
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module... High Unreviewed
CVE-2013-10053 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in various Linksys router models ... High Unreviewed
CVE-2013-10058 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on... High Unreviewed
CVE-2013-10059 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... High Unreviewed
CVE-2013-10061 was published Aug 1, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS... High Unreviewed
CVE-2024-56132 was published Feb 5, 2025
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in... High Unreviewed
CVE-2013-10039 was published Jul 31, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS... High Unreviewed
CVE-2024-8755 was published Oct 11, 2024
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
alowayed
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender... High Unreviewed
CVE-2025-29534 was published Jul 28, 2025
bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025
lirantal
The web application allows user input to pass unfiltered to a command executed on the underlying... High Unreviewed
CVE-2025-24938 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database