GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,775
Composer 5,036
Erlang 39
GitHub Actions 38
Go 2,680
Maven 6,124
npm 4,308
NuGet 760
pip 4,080
Pub 12
RubyGems 958
Rust 1,061
Swift 45

Unreviewed advisories

All unreviewed 278,241

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,090 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An OS command injection vulnerability exists due to incomplete validation of user-supplied input... Critical Unreviewed

CVE-2025-64128 was published Nov 26, 2025

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied... Critical Unreviewed

CVE-2025-64127 was published Nov 26, 2025

Improper neutralization of special elements used in an OS command ('command injection') in Cursor... Critical Unreviewed

CVE-2025-62354 was published Nov 26, 2025

An OS command injection vulnerability exists due to improper input validation. The application... Critical Unreviewed

CVE-2025-64126 was published Nov 26, 2025

Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p... Critical Unreviewed

CVE-2025-66253 was published Nov 26, 2025

Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed

CVE-2025-66261 was published Nov 26, 2025

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR... Critical Unreviewed

CVE-2018-25126 was published Nov 24, 2025

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing... Critical Unreviewed

CVE-2025-13284 was published Nov 17, 2025

TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd... Critical Unreviewed

CVE-2021-4470 was published Nov 15, 2025

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration... Critical Unreviewed

CVE-2025-10230 was published Nov 7, 2025

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from... Critical Unreviewed

CVE-2025-11546 was published Nov 7, 2025

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command... Critical Unreviewed

CVE-2022-50596 was published Nov 6, 2025

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution... Critical Unreviewed

CVE-2025-63334 was published Nov 5, 2025

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A... Critical Unreviewed

CVE-2025-45378 was published Nov 5, 2025

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted... Critical Unreviewed

CVE-2025-61304 was published Nov 5, 2025

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin.... Critical Unreviewed

CVE-2025-34284 was published Oct 31, 2025

Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core... Critical Unreviewed

CVE-2025-34286 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its... Critical Unreviewed

CVE-2024-14003 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker... Critical Unreviewed

CVE-2024-14005 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the... Critical Unreviewed

CVE-2024-14008 was published Oct 31, 2025

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the... Critical Unreviewed

CVE-2025-34134 was published Oct 31, 2025

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution... Critical Unreviewed

CVE-2020-36856 was published Oct 31, 2025

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a... Critical Unreviewed

CVE-2018-25120 was published Oct 29, 2025

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This... Critical Unreviewed

CVE-2025-11202 was published Oct 29, 2025

Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code... Critical Unreviewed

CVE-2025-60803 was published Oct 24, 2025

Previous1…44 Next

Previous 1 2 3 4 5 … 43 44 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,090 advisories