GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,966 advisories
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection...
Moderate | Unreviewed | CVE-2025-55589 was published Aug 18, 2025

Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
High | CVE-2025-55284 was published for @anthropic-ai/claude-code (npm) Aug 18, 2025

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco...
Moderate | Unreviewed | CVE-2025-20220 was published Aug 14, 2025

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This...
Critical | Unreviewed | CVE-2025-8876 was published Aug 14, 2025

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software...
Critical | Unreviewed | CVE-2025-43984 was published Aug 14, 2025

Flowise OS command remote code execution
Critical | CVE-2025-8943 was published for flowise (npm) Aug 14, 2025

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection...
Critical | Unreviewed | CVE-2012-10059 was published Aug 13, 2025

Snort Report versions < 1.3.2 contain a remote command execution vulnerability in the nmap.php...
Critical | Unreviewed | CVE-2011-10017 was published Aug 13, 2025

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731...
Moderate | Unreviewed | CVE-2025-43989 was published Aug 13, 2025

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute...
High | Unreviewed | CVE-2025-23294 was published Aug 13, 2025

OliveTin OS Command Injection vulnerability
High | CVE-2025-50946 was published for github.com/OliveTin/OliveTin (Go) Aug 13, 2025

An improper neutralization of special elements used in an OS Command ("OS Command Injection")...
High | Unreviewed | CVE-2025-49813 was published Aug 12, 2025

An improper neutralization of special elements used in an os command ('os command injection')...
Moderate | Unreviewed | CVE-2025-47857 was published Aug 12, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection')...
Moderate | Unreviewed | CVE-2025-27759 was published Aug 12, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection')...
Critical | Unreviewed | CVE-2025-25256 was published Aug 12, 2025

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2...
Critical | Unreviewed | CVE-2012-10039 was published Aug 11, 2025

Openfiler v2.x contains a command injection vulnerability in the system.html page. The device...
Critical | Unreviewed | CVE-2012-10040 was published Aug 11, 2025

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez...
Critical | Unreviewed | CVE-2012-10037 was published Aug 11, 2025

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an...
Critical | Unreviewed | CVE-2012-10046 was published Aug 8, 2025

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php...
Critical | Unreviewed | CVE-2012-10041 was published Aug 8, 2025

An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as...
Critical | Unreviewed | CVE-2010-10013 was published Aug 8, 2025

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A...
High | Unreviewed | CVE-2025-8748 was published Aug 8, 2025

Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If...
Moderate | Unreviewed | CVE-2025-54958 was published Aug 8, 2025

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi...
Critical | Unreviewed | CVE-2025-34152 was published Aug 7, 2025

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on...
Critical | Unreviewed | CVE-2025-34151 was published Aug 7, 2025