GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
1,245 advisories
Filter by severity
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing...
Critical
Unreviewed
CVE-2025-11900
was published
Oct 17, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection...
Critical
Unreviewed
CVE-2025-34513
was published
Oct 16, 2025
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the ...
Critical
Unreviewed
CVE-2023-7304
was published
Oct 15, 2025
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the ...
Critical
Unreviewed
CVE-2023-7311
was published
Oct 15, 2025
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform...
Critical
Unreviewed
CVE-2025-9976
was published
Oct 13, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical
Unreviewed
CVE-2025-60964
was published
Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical
Unreviewed
CVE-2025-60965
was published
Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F...
Critical
Unreviewed
CVE-2025-60957
was published
Oct 6, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59740
was published
Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59735
was published
Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59736
was published
Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59741
was published
Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59738
was published
Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59737
was published
Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical
Unreviewed
CVE-2025-59739
was published
Oct 2, 2025
The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to...
Critical
Unreviewed
CVE-2025-10659
was published
Sep 30, 2025
The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2025-9762
was published
Sep 30, 2025
check-branches is vulnerable to command Injection
Critical
CVE-2025-11148
was published
for
check-branches
(npm)
Sep 30, 2025
An OS command injection vulnerability in user interface in Western Digital My Cloud firmware...
Critical
Unreviewed
CVE-2025-30247
was published
Sep 29, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical
Unreviewed
CVE-2025-11005
was published
Sep 25, 2025
Command Injection in adb-mcp MCP Server
Critical
CVE-2025-59834
was published
for
adb-mcp
(npm)
Sep 24, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical
Unreviewed
CVE-2025-52906
was published
Sep 24, 2025
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT...
Critical
Unreviewed
CVE-2025-56819
was published
Sep 24, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical
Unreviewed
CVE-2025-9588
was published
Sep 23, 2025
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote...
Critical
Unreviewed
CVE-2025-48703
was published
Sep 22, 2025
ProTip!
Advisories are also available from the
GraphQL API