Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,909 advisories

Loading
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Moderate Unreviewed
CVE-2024-45325 was published Sep 9, 2025
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local... High Unreviewed
CVE-2025-56803 was published Sep 8, 2025
TkEasyGUI Vulnerable to OS Command Injection Critical
CVE-2025-55037 was published for TkEasyGUI (pip) Sep 5, 2025
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function... Moderate Unreviewed
CVE-2025-9752 was published Sep 4, 2025
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2025-8613 was published Sep 2, 2025
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the ... Critical Unreviewed
CVE-2024-46484 was published Aug 29, 2025
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control... High Unreviewed
CVE-2025-9377 was published Aug 29, 2025
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If... High Unreviewed
CVE-2025-53508 was published Aug 29, 2025
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command... Critical Unreviewed
CVE-2025-55583 was published Aug 28, 2025
AnyShare contains a critical unauthenticated remote code execution vulnerability in the... Critical Unreviewed
CVE-2025-34160 was published Aug 28, 2025
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated... Critical Unreviewed
CVE-2024-13985 was published Aug 28, 2025
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR... Critical Unreviewed
CVE-2018-25115 was published Aug 28, 2025
A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local... Moderate Unreviewed
CVE-2025-20295 was published Aug 27, 2025
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2025-20292 was published Aug 27, 2025
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager... Moderate Unreviewed
CVE-2025-20294 was published Aug 27, 2025
The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly... Moderate Unreviewed
CVE-2025-50974 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28027 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28026 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28025 was published Aug 26, 2025
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS... Critical Unreviewed
CVE-2025-3128 was published Aug 21, 2025
The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could... High Unreviewed
CVE-2025-6183 was published Aug 20, 2025
The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could... High Unreviewed
CVE-2025-6181 was published Aug 20, 2025
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in... Critical Unreviewed
CVE-2010-20059 was published Aug 20, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection... Moderate Unreviewed
CVE-2025-55589 was published Aug 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database