GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,245 advisories
mcp-remote exposed to OS command injection via untrusted MCP server connections
Critical | CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025

The device has two web servers that expose unauthenticated REST APIs on the management network ...
Critical | Unreviewed | CVE-2025-3499 was published Jul 9, 2025

A remote attacker with administrator account can gain full control of the device due to improper...
Critical | Unreviewed | CVE-2025-3626 was published Jul 7, 2025

An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this...
Critical | Unreviewed | CVE-2025-48501 was published Jul 7, 2025

An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When...
Critical | Unreviewed | CVE-2025-34087 was published Jul 3, 2025

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure...
Critical | Unreviewed | CVE-2025-34082 was published Jul 3, 2025

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail)...
Critical | Unreviewed | CVE-2025-34073 was published Jul 2, 2025

Conductor vulnerable to OS command injection through unrestricted access to Java classes
Critical | CVE-2025-26074 was published for org.conductoross:conductor-core (Maven) Jun 30, 2025

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint...
Critical | Unreviewed | CVE-2025-34041 was published Jun 26, 2025

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of...
Critical | Unreviewed | CVE-2025-34039 was published Jun 26, 2025

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-6559 was published Jun 26, 2025

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting...
Critical | Unreviewed | CVE-2025-34036 was published Jun 26, 2025

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and...
Critical | Unreviewed | CVE-2025-34035 was published Jun 26, 2025

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS...
Critical | Unreviewed | CVE-2025-48890 was published Jun 24, 2025

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS...
Critical | Unreviewed | CVE-2025-43879 was published Jun 24, 2025

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13...
Critical | Unreviewed | CVE-2025-34029 was published Jun 20, 2025

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s...
Critical | Unreviewed | CVE-2025-48047 was published May 29, 2025

aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that...
Critical | Unreviewed | CVE-2025-5277 was published May 28, 2025

Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Critical | GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025

A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0...
Critical | Unreviewed | CVE-2025-44880 was published May 20, 2025

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1...
Critical | Unreviewed | CVE-2025-44882 was published May 20, 2025

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
Critical | Unreviewed | CVE-2025-32002 was published May 15, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper...
Critical | Unreviewed | CVE-2025-43562 was published May 13, 2025

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2025-45858 was published May 13, 2025

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)...
Critical | Unreviewed | CVE-2025-26389 was published May 13, 2025