GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,785
Erlang: 36
GitHub Actions: 29
Go: 2,358
Maven: 5,000+
npm: 3,979
NuGet: 720
pip: 3,777
Pub: 12
RubyGems: 924
Rust: 981
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,054 advisories
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command...
Severity: High (Unreviewed). CVE-2025-5306 was published Jun 27, 2025.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Severity: High (Unreviewed). CVE-2024-45505 was published Nov 18, 2024.
H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the...
Severity: High (Unreviewed). CVE-2022-36510 was published Aug 26, 2022.
H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the...
Severity: High (Unreviewed). CVE-2022-36509 was published Aug 26, 2022.
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a...
Severity: High (Unreviewed). CVE-2023-33538 was published Jun 7, 2023.
A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability...
Severity: High (Unreviewed). CVE-2025-5126 was published May 24, 2025.
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to...
Severity: High (Unreviewed). CVE-2025-6104 was published Jun 16, 2025.
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506....
Severity: High (Unreviewed). CVE-2025-6102 was published Jun 16, 2025.
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller...
Severity: High (Unreviewed). CVE-2025-6103 was published Jun 16, 2025.
Improper neutralization of special elements used in a command ('command injection') in Visual...
Severity: High (Unreviewed). CVE-2025-47959 was published Jun 13, 2025.
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated...
Severity: High (Unreviewed). CVE-2025-4231 was published Jun 13, 2025.
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters...
Severity: High (Unreviewed). CVE-2023-4797 was published Jan 16, 2024.
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Severity: High (Unreviewed). CVE-2025-47176 was published Jun 10, 2025.
Improper Neutralization of Special Elements in the chromium_path variable may allow OS command...
Severity: High (Unreviewed). CVE-2025-4678 was published Jun 10, 2025.
Improper Neutralization of Special Elements in the backup name field may allow OS command...
Severity: High (Unreviewed). CVE-2025-4653 was published Jun 10, 2025.
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature,...
Severity: High (Unreviewed). CVE-2024-51941 was published Jan 22, 2025.
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution ...
Severity: High (Unreviewed). CVE-2024-22900 was published Feb 2, 2024.
A command injection vulnerability has been reported to affect several QNAP operating system...
Severity: High (Unreviewed). CVE-2025-22481 was published Jun 6, 2025.
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution ...
Severity: High (Unreviewed). CVE-2024-22903 was published Feb 2, 2024.
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: High (Unreviewed). CVE-2025-37089 was published Jun 2, 2025.
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: High (Unreviewed). CVE-2025-37092 was published Jun 2, 2025.
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection...
Severity: High (Unreviewed). CVE-2023-39780 was published Sep 11, 2023.
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: High (Unreviewed). CVE-2025-37096 was published Jun 2, 2025.
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: High (Unreviewed). CVE-2025-37091 was published Jun 2, 2025.
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by...
Severity: High (Unreviewed). CVE-2025-4010 was published Jun 2, 2025.
ProTip! Advisories are also available from the GraphQL API.