Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,246 advisories

Loading
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... High Unreviewed
CVE-2025-58116 was published Sep 17, 2025
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and... High Unreviewed
CVE-2025-34088 was published Jul 3, 2025
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by... High Unreviewed
CVE-2024-35306 was published Jun 10, 2024
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Credited to assaf-levkovich-jf
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules)... High Unreviewed
CVE-2025-54084 was published Sep 9, 2025
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an... High Unreviewed
CVE-2025-27234 was published Sep 12, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper... High Unreviewed
CVE-2025-43884 was published Sep 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper... High Unreviewed
CVE-2025-43885 was published Sep 10, 2025
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to... High Unreviewed
CVE-2025-56413 was published Sep 10, 2025
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 ... High Unreviewed
CVE-2024-5461 was published Feb 15, 2025
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the... High Unreviewed
CVE-2025-23344 was published Sep 9, 2025
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on... High Unreviewed
CVE-2024-7517 was published Sep 9, 2025
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue.... High Unreviewed
CVE-2024-8957 was published Sep 17, 2024
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local... High Unreviewed
CVE-2025-56803 was published Sep 8, 2025
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert... High Unreviewed
CVE-2021-20039 was published Dec 9, 2021
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20... High Unreviewed
CVE-2024-51503 was published Nov 19, 2024
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control... High Unreviewed
CVE-2025-9377 was published Aug 29, 2025
XStream can be used for Remote Code Execution High
CVE-2020-26217 was published for com.thoughtworks.xstream:xstream (Maven) Nov 16, 2020
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2025-8613 was published Sep 2, 2025
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If... High Unreviewed
CVE-2025-53508 was published Aug 29, 2025
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Credited to superboy-zjc
An improper input validation vulnerability was discovered in the NTP server configuration field... High Unreviewed
CVE-2025-22495 was published Feb 24, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28027 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28025 was published Aug 26, 2025
Three OS command injection vulnerabilities exist in the web interface I/O configuration... High Unreviewed
CVE-2024-28026 was published Aug 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database