Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,695 advisories

Loading
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac... Critical Unreviewed
CVE-2025-27797 was published Apr 9, 2025
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC... High Unreviewed
CVE-2025-25053 was published Apr 9, 2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper... High Unreviewed
CVE-2025-30286 was published Apr 8, 2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper... High Unreviewed
CVE-2025-30289 was published Apr 8, 2025
A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated... Moderate Unreviewed
CVE-2025-27078 was published Apr 8, 2025
A vulnerability in the file creation process on the command line interface of AOS-8 Instant and... Moderate Unreviewed
CVE-2025-27079 was published Apr 8, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... High Unreviewed
CVE-2024-54024 was published Apr 8, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Moderate Unreviewed
CVE-2024-54025 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41790 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41788 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41789 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3363 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3362 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3361 was published Apr 8, 2025
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6... Critical Unreviewed
CVE-2021-47667 was published Apr 5, 2025
Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an... Moderate Unreviewed
CVE-2025-3189 was published Apr 4, 2025
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" High
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025
dlqqq rpwagner
krassowski
Netwrix Password Secure 9.2.0.32454 allows OS command injection. Critical Unreviewed
CVE-2025-26817 was published Apr 3, 2025
This vulnerability involves command injection in tcpdump within Moxa products, enabling an... High Unreviewed
CVE-2025-0676 was published Apr 2, 2025
A remote attacker with web administrator privileges can exploit the device’s web interface to... Critical Unreviewed
CVE-2025-0415 was published Apr 2, 2025
An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module,... Moderate Unreviewed
CVE-2025-26055 was published Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types Moderate
CVE-2025-31692 was published for drupal/ai (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection Moderate
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler... Critical Unreviewed
CVE-2025-30004 was published Mar 31, 2025
Os command injection vulnerability in e-solutions e-management. This vulnerability allows an... Critical Unreviewed
CVE-2025-3022 was published Mar 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database