GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,155 advisories
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in...
High, Unreviewed, CVE-2025-66644 was published Dec 5, 2025

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution...
Critical, Unreviewed, CVE-2020-36877 was published Dec 5, 2025

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows...
Moderate, Unreviewed, CVE-2025-66572 was published Dec 4, 2025

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the...
High, Unreviewed, CVE-2025-66576 was published Dec 4, 2025

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local...
High, Unreviewed, CVE-2024-58278 was published Dec 4, 2025

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the...
Moderate, Unreviewed, CVE-2025-29269 was published Dec 4, 2025

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8...
Critical, Unreviewed, CVE-2025-34319 was published Dec 3, 2025

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up...
High, Unreviewed, CVE-2025-12744 was published Dec 3, 2025

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2...
High, Unreviewed, CVE-2025-11787 was published Dec 2, 2025

MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Critical, CVE-2025-66401 was published for mcp-watch (npm) Dec 2, 2025

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by...
Critical, Unreviewed, CVE-2025-35028 was published Dec 1, 2025

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool...
Critical, Unreviewed, CVE-2025-8890 was published Nov 27, 2025

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the...
High, Unreviewed, CVE-2025-65202 was published Nov 26, 2025

Improper neutralization of special elements used in an OS command ('command injection') in Cursor...
Critical, Unreviewed, CVE-2025-62354 was published Nov 26, 2025

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied...
Critical, Unreviewed, CVE-2025-64127 was published Nov 26, 2025

An OS command injection vulnerability exists due to incomplete validation of user-supplied input...
Critical, Unreviewed, CVE-2025-64128 was published Nov 26, 2025

An OS command injection vulnerability exists due to improper input validation. The application...
Critical, Unreviewed, CVE-2025-64126 was published Nov 26, 2025

Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S...
Critical, Unreviewed, CVE-2025-66261 was published Nov 26, 2025

Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p...
Critical, Unreviewed, CVE-2025-66253 was published Nov 26, 2025

Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
High, CVE-2025-62703 was published for fugue (pip) Nov 25, 2025

A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker...
High, Unreviewed, CVE-2025-59370 was published Nov 25, 2025

A Looker user with a Developer role could cause Looker to execute a malicious command, due to...
High, Unreviewed, CVE-2025-12742 was published Nov 25, 2025

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR...
Critical, Unreviewed, CVE-2018-25126 was published Nov 24, 2025

@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
High, CVE-2025-64755 was published for @anthropic-ai/claude-code (npm) Nov 20, 2025

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 -...
High, Unreviewed, CVE-2025-60738 was published Nov 20, 2025
ProTip! Advisories are also available from the GraphQL API