GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,811
Erlang: 36
GitHub Actions: 32
Go: 2,396
Maven: 5,000+
npm: 4,033
NuGet: 721
pip: 3,824
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
3,787 advisories
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh:/...
Moderate
Unreviewed
CVE-2023-53158 was published Jul 28, 2025
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The...
Critical
Unreviewed
CVE-2014-125118 was published Jul 25, 2025
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used...
Critical
Unreviewed
CVE-2025-5243 was published Jul 25, 2025
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions...
Critical
Unreviewed
CVE-2019-25224 was published Jul 25, 2025
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and...
Critical
Unreviewed
CVE-2015-10141 was published Jul 23, 2025
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code...
Critical
Unreviewed
CVE-2022-4978 was published Jul 23, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High
Unreviewed
CVE-2025-41683 was published Jul 23, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High
Unreviewed
CVE-2025-41684 was published Jul 23, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection')...
High
Unreviewed
CVE-2024-53286 was published Jul 23, 2025
A potential command injection vulnerability has been identified in the Poly Clariti Manager for...
Moderate
Unreviewed
CVE-2025-43020 was published Jul 23, 2025
A command injection vulnerability exists that can be exploited after authentication in VIGI...
High
Unreviewed
CVE-2025-7723 was published Jul 22, 2025
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI...
Critical
Unreviewed
CVE-2025-7724 was published Jul 22, 2025
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The...
Critical
Unreviewed
CVE-2025-34143 was published Jul 22, 2025
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS...
High
Unreviewed
CVE-2025-53472 was published Jul 22, 2025
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal...
Critical
Unreviewed
CVE-2025-36846 was published Jul 21, 2025
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21...
High
Unreviewed
CVE-2025-7382 was published Jul 21, 2025
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos...
Critical
Unreviewed
CVE-2025-6704 was published Jul 21, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139...
High
Unreviewed
CVE-2025-46117 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via POST requests in the...
High
Unreviewed
CVE-2025-41673 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via POST requests in the...
High
Unreviewed
CVE-2025-41674 was published Jul 21, 2025
A high privileged remote attacker can execute arbitrary system commands via GET requests in the...
High
Unreviewed
CVE-2025-41675 was published Jul 21, 2025
The web application allows user input to pass unfiltered to a command executed on the underlying...
Critical
Unreviewed
CVE-2025-24936 was published Jul 21, 2025
The web application allows user input to pass unfiltered to a command executed on the underlying...
High
Unreviewed
CVE-2025-24938 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API