Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,289 advisories

Loading
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the ... Critical Unreviewed
CVE-2023-7304 was published Oct 15, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection... Critical Unreviewed
CVE-2025-34513 was published Oct 16, 2025
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-11900 was published Oct 17, 2025
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command... Critical Unreviewed
CVE-2018-25118 was published Oct 21, 2025
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. Critical Unreviewed
CVE-2025-6542 was published Oct 21, 2025
A command injection vulnerability may be exploited after the admin's authentication on the web... Critical Unreviewed
CVE-2025-7850 was published Oct 21, 2025
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow Critical
CVE-2025-54469 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection... Critical Unreviewed
CVE-2016-15048 was published Oct 22, 2025
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code... Critical Unreviewed
CVE-2025-60803 was published Oct 24, 2025
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a... Critical Unreviewed
CVE-2018-25120 was published Oct 29, 2025
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-11202 was published Oct 29, 2025
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution... Critical Unreviewed
CVE-2020-36856 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the... Critical Unreviewed
CVE-2025-34134 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its... Critical Unreviewed
CVE-2024-14003 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the... Critical Unreviewed
CVE-2024-14008 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker... Critical Unreviewed
CVE-2024-14005 was published Oct 31, 2025
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core... Critical Unreviewed
CVE-2025-34286 was published Oct 31, 2025
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin.... Critical Unreviewed
CVE-2025-34284 was published Oct 31, 2025
@react-native-community/cli has arbitrary OS command injection Critical
CVE-2025-11953 was published for @react-native-community/cli (npm) Nov 3, 2025
Malayke cylewaitforit
liamjones conorfitch
Credited to Malayke, cylewaitforit, liamjones, and conorfitch
OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted... Critical Unreviewed
CVE-2025-61304 was published Nov 5, 2025
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A... Critical Unreviewed
CVE-2025-45378 was published Nov 5, 2025
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2025-63334 was published Nov 5, 2025
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command... Critical Unreviewed
CVE-2022-50596 was published Nov 6, 2025
Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from... Critical Unreviewed
CVE-2025-11546 was published Nov 7, 2025
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration... Critical Unreviewed
CVE-2025-10230 was published Nov 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database