Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,278 advisories

Loading
A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe... High Unreviewed
CVE-2025-57293 was published Sep 18, 2025
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins... High Unreviewed
CVE-2023-49565 was published Sep 18, 2025
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. High Unreviewed
CVE-2024-6333 was published Oct 17, 2024
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61,... High Unreviewed
CVE-2025-59458 was published Sep 17, 2025
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability... High Unreviewed
CVE-2025-56706 was published Sep 16, 2025
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command... High Unreviewed
CVE-2024-12971 was published Mar 17, 2025
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command... High Unreviewed
CVE-2024-12992 was published Mar 17, 2025
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain sensitive information or... High Unreviewed
CVE-2025-56406 was published Sep 10, 2025
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command... High Unreviewed
CVE-2025-5306 was published Jun 27, 2025
A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41.... High Unreviewed
CVE-2025-7883 was published Jul 20, 2025
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Credited to bnf
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to... High Unreviewed
CVE-2025-55319 was published Sep 12, 2025
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 ... High Unreviewed
CVE-2024-5461 was published Feb 15, 2025
Improper neutralization of special elements used in a command ('command injection') in SQL Server... High Unreviewed
CVE-2025-55227 was published Sep 9, 2025
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20... High Unreviewed
CVE-2024-51503 was published Nov 19, 2024
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge... High Unreviewed
CVE-2025-7388 was published Sep 4, 2025
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
0xRoyR
Credited to 0xRoyR
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature,... High Unreviewed
CVE-2024-51941 was published Jan 22, 2025
Command Injection via sonarqube-scan-action GitHub Action High
CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025
Torbjorn-Svensson
Credited to Torbjorn-Svensson
OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface... High Unreviewed
CVE-2025-50989 was published Aug 27, 2025
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
Credited to lizicoco
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command... High Unreviewed
CVE-2025-29523 was published Aug 26, 2025
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command... High Unreviewed
CVE-2025-29516 was published Aug 25, 2025
Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command (... High Unreviewed
CVE-2025-41451 was published Aug 22, 2025
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49134 was published Apr 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database