Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,970 advisories

Loading
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update... Moderate Unreviewed
CVE-2025-60855 was published Oct 16, 2025
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows... Moderate Unreviewed
CVE-2025-61514 was published Oct 16, 2025
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2025-58132 was published Oct 15, 2025
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages High
CVE-2025-34267 was published for flowise (npm) Oct 14, 2025
A vulnerability in the web-based management interface of network access point configuration... High Unreviewed
CVE-2025-37146 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37133 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the command line interface binary of... Moderate Unreviewed
CVE-2025-37138 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37134 was published Oct 14, 2025
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function... Moderate Unreviewed
CVE-2025-11665 was published Oct 13, 2025
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of... Moderate Unreviewed
CVE-2025-60268 was published Oct 10, 2025
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code... Moderate Unreviewed
CVE-2025-60838 was published Oct 10, 2025
Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59286 was published Oct 9, 2025
Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59272 was published Oct 9, 2025
M365 Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59252 was published Oct 9, 2025
An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart... Moderate Unreviewed
CVE-2025-56426 was published Oct 9, 2025
A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-11523 was published Oct 9, 2025
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected... Moderate Unreviewed
CVE-2025-11490 was published Oct 8, 2025
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element... Moderate Unreviewed
CVE-2025-11491 was published Oct 8, 2025
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th
Credited to R4356th
A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function... Moderate Unreviewed
CVE-2025-11407 was published Oct 7, 2025
MCPHub's ServerController is vulnerable to Command Injection Low
CVE-2025-11285 was published for @samanhappy/mcphub (npm) Oct 5, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59740 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59735 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59736 was published Oct 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database