Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,050 advisories

Loading
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib... Critical Unreviewed
CVE-2025-57285 was published Sep 8, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the... Critical Unreviewed
CVE-2025-50428 was published Aug 27, 2025
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote... Critical Unreviewed
CVE-2023-30258 was published Jun 23, 2023
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute... Critical Unreviewed
CVE-2025-57105 was published Aug 22, 2025
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-50722 was published Aug 26, 2025
Active Storage allowed transformation methods that were potentially unsafe Critical
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
th4s1s
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a... Critical Unreviewed
CVE-2025-24285 was published Aug 21, 2025
screenshot-desktop vulnerable to command Injection via `format` option Critical
CVE-2025-55294 was published for screenshot-desktop (npm) Aug 19, 2025
RichardoC bencevans
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to... Critical Unreviewed
CVE-2020-13117 was published May 24, 2022
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-55591 was published Aug 18, 2025
A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows... Critical Unreviewed
CVE-2025-22941 was published Mar 31, 2025
A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows... Critical Unreviewed
CVE-2025-22939 was published Mar 31, 2025
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to... Critical Unreviewed
CVE-2025-26063 was published Jul 31, 2025
A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of... Critical Unreviewed
CVE-2024-13871 was published Mar 12, 2025
tj-actions/branch-names has a Command Injection Vulnerability Critical
CVE-2025-54416 was published for tj-actions/branch-names (GitHub Actions) Jul 25, 2025
tutasla
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a... Critical Unreviewed
CVE-2024-41783 was published Jan 19, 2025
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in... Critical Unreviewed
CVE-2025-52046 was published Jul 17, 2025
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-50756 was published Jul 14, 2025
Successful exploitation of the vulnerability could allow an attacker to inject commands with root... Critical Unreviewed
CVE-2025-52688 was published Jul 16, 2025
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows... Critical Unreviewed
CVE-2025-3621 was published Jul 15, 2025
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to... Critical Unreviewed
CVE-2025-45931 was published Jun 30, 2025
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl... Critical Unreviewed
CVE-2023-31446 was published Jan 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database