GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,651
Maven: 5,000+
npm: 4,279
NuGet: 760
pip: 4,066
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

1,278 advisories

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via...
High | Unreviewed | CVE-2021-3621 was published Dec 24, 2021

SPH Engineering UgCS 5.13.0 is vulnerable to arbitrary code execution.
High | Unreviewed | CVE-2025-60595 was published Oct 29, 2025

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution ...
High | Unreviewed | CVE-2025-60801 was published Oct 24, 2025

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows...
High | Unreviewed | CVE-2024-41153 was published Oct 29, 2024

Remote code execution (RCE) in Apache Airflow
High | CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated...
High | Unreviewed | CVE-2025-4231 was published Jun 13, 2025

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote...
High | Unreviewed | CVE-2015-2051 was published May 17, 2022

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1...
High | Unreviewed | CVE-2007-3010 was published May 1, 2022

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary...
High | Unreviewed | CVE-2005-2773 was published May 1, 2022

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2...
High | Unreviewed | CVE-2024-9380 was published Oct 8, 2024

A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS...
High | Unreviewed | CVE-2024-3273 was published Apr 4, 2024

ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection...
High | Unreviewed | CVE-2023-39780 was published Sep 11, 2023

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a...
High | Unreviewed | CVE-2023-33538 was published Jun 7, 2023

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016,...
High | Unreviewed | CVE-2023-20118 was published Apr 13, 2023

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject...
High | Unreviewed | CVE-2022-27924 was published Apr 22, 2022

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote...
High | Unreviewed | CVE-2021-22899 was published May 24, 2022

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command...
High | Unreviewed | CVE-2023-1389 was published Mar 16, 2023

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17,...
High | Unreviewed | CVE-2022-36804 was published Aug 26, 2022

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector...
High | Unreviewed | CVE-2020-4006 was published May 24, 2022

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02...
High | Unreviewed | CVE-2020-25079 was published May 24, 2022

A remote code execution vulnerability exists in the way that the MSHTML engine improperly...
High | Unreviewed | CVE-2019-0541 was published May 13, 2022

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution,...
High | Unreviewed | CVE-2017-6327 was published May 13, 2022

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and...
High | Unreviewed | CVE-2016-6367 was published May 17, 2022

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0...
High | Unreviewed | CVE-2015-4852 was published May 14, 2022

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization....
High | Unreviewed | CVE-2025-9161 was published Sep 9, 2025

ProTip! Advisories are also available from the GraphQL API.