Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,695 advisories

Loading
The Backup Plus extension for TYPO3 (ns_backup) allows command injections Moderate
CVE-2025-48204 was published for nitsan/ns-backup (Composer) May 21, 2025
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt... Moderate Unreviewed
CVE-2025-27804 was published May 21, 2025
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Moderate Unreviewed
CVE-2024-42922 was published May 21, 2025
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0... Critical Unreviewed
CVE-2025-44880 was published May 20, 2025
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1... Critical Unreviewed
CVE-2025-44882 was published May 20, 2025
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor... High Unreviewed
CVE-2025-41225 was published May 20, 2025
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is... High Unreviewed
CVE-2024-6486 was published May 15, 2025
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution High
CVE-2025-47782 was published for motioneye (pip) May 15, 2025
hyperlyz MichaIng
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2025-32002 was published May 15, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper... Critical Unreviewed
CVE-2025-43562 was published May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-45858 was published May 13, 2025
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with... High Unreviewed
CVE-2025-40582 was published May 13, 2025
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)... Critical Unreviewed
CVE-2025-26389 was published May 13, 2025
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname... Moderate Unreviewed
CVE-2025-47203 was published May 7, 2025
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can... High Unreviewed
CVE-2025-32821 was published May 7, 2025
A vulnerability in the web-based management interface of the Wireless LAN Controller feature of... High Unreviewed
CVE-2025-20186 was published May 7, 2025
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an... Moderate Unreviewed
CVE-2025-20194 was published May 7, 2025
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could... Moderate Unreviewed
CVE-2025-20213 was published May 7, 2025
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an... Moderate Unreviewed
CVE-2025-20193 was published May 7, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-45491 was published May 6, 2025
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet... Critical Unreviewed
CVE-2025-45042 was published May 5, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2025-2605 was published May 2, 2025
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This... High Unreviewed
CVE-2024-6032 was published Apr 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database