Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

886 advisories

Loading
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl... Critical Unreviewed
CVE-2023-31446 was published Jan 10, 2024
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2023-51887 was published Jan 24, 2024
A command inject vulnerability allows an attacker to perform command injection on Windows... Critical Unreviewed
CVE-2024-3566 was published Apr 10, 2024
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)... Critical Unreviewed
CVE-2023-52027 was published Jan 11, 2024
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote... Critical Unreviewed
CVE-2022-45699 was published Feb 10, 2023
Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL... Critical Unreviewed
CVE-2025-45984 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL... Critical Unreviewed
CVE-2025-45986 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL... Critical Unreviewed
CVE-2025-45988 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL... Critical Unreviewed
CVE-2025-45987 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL... Critical Unreviewed
CVE-2025-45985 was published Jun 13, 2025
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html... Critical Unreviewed
CVE-2023-47253 was published Nov 6, 2023
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command... Critical Unreviewed
CVE-2023-45498 was published Oct 27, 2023
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2023-51812 was published Jan 4, 2024
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2023-48842 was published Dec 1, 2023
The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application.... Critical Unreviewed
CVE-2025-4009 was published May 28, 2025
D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this... Critical Unreviewed
CVE-2025-44084 was published May 20, 2025
The Meteobridge web interface let meteobridge administrator manage their weather station data... Critical Unreviewed
CVE-2025-4008 was published May 21, 2025
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the... Critical Unreviewed
CVE-2022-40475 was published Sep 30, 2022
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-45491 was published May 6, 2025
EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading... Critical Unreviewed
CVE-2024-12442 was published May 9, 2025
EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged... Critical Unreviewed
CVE-2024-11861 was published May 9, 2025
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the... Critical Unreviewed
CVE-2025-45800 was published May 2, 2025
Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a... Critical Unreviewed
CVE-2025-29509 was published May 9, 2025
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2022-43184 was published Oct 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database