GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,175 advisories
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine...
Severity: High (Unreviewed). CVE-2024-58287 was published Dec 12, 2025
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject...
Severity: Critical (Unreviewed). CVE-2024-58286 was published Dec 12, 2025
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that...
Severity: High (Unreviewed). CVE-2024-58294 was published Dec 12, 2025
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute...
Severity: High (Unreviewed). CVE-2025-13481 was published Dec 11, 2025
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if...
Severity: High (Unreviewed). CVE-2025-67738 was published Dec 11, 2025
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local...
Severity: High (Unreviewed). CVE-2025-65199 was published Dec 10, 2025
Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin
Severity: Moderate. CVE-2025-67640 was published for org.jenkins-ci.plugins:git-client (Maven) Dec 10, 2025
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in...
Severity: Critical (Unreviewed). CVE-2021-47728 was published Dec 9, 2025
An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade...
Severity: Critical (Unreviewed). CVE-2025-65882 was published Dec 9, 2025
An improper neutralization of special elements used in an OS command ('OS command injection') in...
Severity: High (Unreviewed). CVE-2025-64153 was published Dec 9, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')...
Severity: High (Unreviewed). CVE-2025-53679 was published Dec 9, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Severity: High (Unreviewed). CVE-2025-53949 was published Dec 9, 2025
RCE via ZipSlip and symbolic links in argoproj/argo-workflows
Severity: High. CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in...
Severity: High (Unreviewed). CVE-2025-66644 was published Dec 5, 2025
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution...
Severity: Critical (Unreviewed). CVE-2020-36877 was published Dec 5, 2025
A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function...
Severity: Moderate (Unreviewed). CVE-2025-14094 was published Dec 5, 2025
A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990...
Severity: Moderate (Unreviewed). CVE-2025-14093 was published Dec 5, 2025
A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the...
Severity: Moderate (Unreviewed). CVE-2025-14092 was published Dec 5, 2025
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local...
Severity: High (Unreviewed). CVE-2024-58278 was published Dec 4, 2025
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows...
Severity: Moderate (Unreviewed). CVE-2025-66572 was published Dec 4, 2025
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the...
Severity: High (Unreviewed). CVE-2025-66576 was published Dec 4, 2025
ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the...
Severity: Moderate (Unreviewed). CVE-2025-29269 was published Dec 4, 2025
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8...
Severity: Critical (Unreviewed). CVE-2025-34319 was published Dec 3, 2025
A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up...
Severity: High (Unreviewed). CVE-2025-12744 was published Dec 3, 2025
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2...
Severity: High (Unreviewed). CVE-2025-11787 was published Dec 2, 2025