GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,305 advisories
An improper neutralization of special elements used in an OS command ('OS command injection') in...
High, Unreviewed. CVE-2025-64153 was published Dec 9, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')...
High, Unreviewed. CVE-2025-53679 was published Dec 9, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High, Unreviewed. CVE-2025-53949 was published Dec 9, 2025
RCE via ZipSlip and symbolic links in argoproj/argo-workflows
High. CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in...
High, Unreviewed. CVE-2025-66644 was published Dec 5, 2025
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the...
High, Unreviewed. CVE-2025-66576 was published Dec 4, 2025
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local...
High, Unreviewed. CVE-2024-58278 was published Dec 4, 2025
A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up...
High, Unreviewed. CVE-2025-12744 was published Dec 3, 2025
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2...
High, Unreviewed. CVE-2025-11787 was published Dec 2, 2025
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the...
High, Unreviewed. CVE-2025-65202 was published Nov 26, 2025
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
High. CVE-2025-62703 was published for fugue (pip) Nov 25, 2025
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker...
High, Unreviewed. CVE-2025-59370 was published Nov 25, 2025
A Looker user with a Developer role could cause Looker to execute a malicious command, due to...
High, Unreviewed. CVE-2025-12742 was published Nov 25, 2025
@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
High. CVE-2025-64755 was published for @anthropic-ai/claude-code (npm) Nov 20, 2025
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 -...
High, Unreviewed. CVE-2025-60738 was published Nov 20, 2025
Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which...
High, Unreviewed. CVE-2025-12121 was published Nov 20, 2025
D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution...
High, Unreviewed. CVE-2025-63932 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are...
High, Unreviewed. CVE-2025-34334 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
High, Unreviewed. CVE-2025-34335 was published Nov 19, 2025
A command injection vulnerability has been identified in the command line interface of the HPE...
High, Unreviewed. CVE-2025-37163 was published Nov 18, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High, Unreviewed. CVE-2025-58034 was published Nov 18, 2025
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0...
High, Unreviewed. CVE-2025-8693 was published Nov 18, 2025
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection...
High, Unreviewed. CVE-2025-34322 was published Nov 17, 2025
glob CLI: Command injection via -c/--cmd executes matches with shell:true
High. CVE-2025-64756 was published for glob (npm) Nov 17, 2025
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution...
High, Unreviewed. CVE-2021-4466 was published Nov 15, 2025
ProTip! Advisories are also available from the GraphQL API.