Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,261 advisories

Loading
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-6559 was published Jun 26, 2025
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint... Critical Unreviewed
CVE-2025-34041 was published Jun 26, 2025
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting... Critical Unreviewed
CVE-2025-34036 was published Jun 26, 2025
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and... Critical Unreviewed
CVE-2025-34035 was published Jun 26, 2025
WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS... Critical Unreviewed
CVE-2025-43879 was published Jun 24, 2025
WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS... Critical Unreviewed
CVE-2025-48890 was published Jun 24, 2025
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13... Critical Unreviewed
CVE-2025-34029 was published Jun 20, 2025
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s... Critical Unreviewed
CVE-2025-48047 was published May 29, 2025
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that... Critical Unreviewed
CVE-2025-5277 was published May 28, 2025
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` Critical
GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025
darryk10 loresuso
AlbertoPellitteri
Credited to darryk10, loresuso, and AlbertoPellitteri
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0... Critical Unreviewed
CVE-2025-44880 was published May 20, 2025
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1... Critical Unreviewed
CVE-2025-44882 was published May 20, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2025-32002 was published May 15, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper... Critical Unreviewed
CVE-2025-43562 was published May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-45858 was published May 13, 2025
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)... Critical Unreviewed
CVE-2025-26389 was published May 13, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-45491 was published May 6, 2025
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet... Critical Unreviewed
CVE-2025-45042 was published May 5, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2025-2605 was published May 2, 2025
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated... Critical Unreviewed
CVE-2025-46271 was published Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an... Critical Unreviewed
CVE-2025-46272 was published Apr 25, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
Credited to kitsumed and alxnull
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28036 was published Apr 22, 2025
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28035 was published Apr 22, 2025
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28038 was published Apr 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database