Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,300 advisories

Loading
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206... High Unreviewed
CVE-2023-43482 was published Feb 6, 2024
A post authentication command injection vulnerability exists when setting up the PPTP global... High Unreviewed
CVE-2023-42664 was published Feb 6, 2024
A post authentication command injection vulnerability exists when configuring the web group... High Unreviewed
CVE-2023-47617 was published Feb 6, 2024
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a... High Unreviewed
CVE-2023-28528 was published Apr 28, 2023
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality... High Unreviewed
CVE-2023-24582 was published Jul 6, 2023
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1... High Unreviewed
CVE-2023-24520 was published Jul 6, 2023
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight... High Unreviewed
CVE-2023-25582 was published Jul 6, 2023
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight... High Unreviewed
CVE-2023-25583 was published Jul 6, 2023
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of... High Unreviewed
CVE-2023-28381 was published Oct 11, 2023
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of... High Unreviewed
CVE-2023-35194 was published Oct 11, 2023
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave... High Unreviewed
CVE-2023-35963 was published Jan 8, 2024
A post authentication command injection vulnerability exists in the ipsec policy functionality of... High Unreviewed
CVE-2023-47209 was published Feb 6, 2024
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid... High Unreviewed
CVE-2024-2243 was published Apr 10, 2024
MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A... High Unreviewed
CVE-2025-8748 was published Aug 8, 2025
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known... High Unreviewed
CVE-2025-45379 was published Nov 5, 2025
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known... High Unreviewed
CVE-2025-30479 was published Nov 5, 2025
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component... High Unreviewed
CVE-2018-25122 was published Oct 31, 2025
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF... High Unreviewed
CVE-2020-36867 was published Oct 31, 2025
Jenkins Azure CLI Plugin does not restrict the commands it executes High
CVE-2025-64140 was published for org.jenkins-ci.plugins:azure-cli (Maven) Oct 29, 2025
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39401 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39402 was published for magento/community-edition (Composer) Aug 14, 2024
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto... High Unreviewed
CVE-2013-10073 was published Oct 31, 2025
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP... High Unreviewed
CVE-2025-34280 was published Oct 31, 2025
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2025-12489 was published Nov 6, 2025
Magento XML Injection vulnerability in the Widgets Update Layout High
CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database