Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,120 advisories

Loading
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters... Critical Unreviewed
CVE-2019-25024 was published May 24, 2022
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote... Critical Unreviewed
CVE-2023-30258 was published Jun 23, 2023
Duplicate Advisory: D-Tale Command Injection vulnerability Critical
CVE-2025-0655 was published for dtale (pip) Mar 20, 2025 withdrawn
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-25699 was published Apr 3, 2024
The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command... Critical Unreviewed
CVE-2025-28137 was published Apr 15, 2025
TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the... Critical Unreviewed
CVE-2025-28138 was published Mar 27, 2025
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-45717 was published Dec 23, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection... Critical Unreviewed
CVE-2022-45709 was published Dec 23, 2022
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and... Critical Unreviewed
CVE-2015-4642 was published May 17, 2022
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-46598 was published Dec 30, 2022
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-46597 was published Dec 30, 2022
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac... Critical Unreviewed
CVE-2025-27797 was published Apr 9, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41788 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41790 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Critical Unreviewed
CVE-2024-41789 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3363 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3361 was published Apr 8, 2025
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-3362 was published Apr 8, 2025
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6... Critical Unreviewed
CVE-2021-47667 was published Apr 5, 2025
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni... Critical Unreviewed
CVE-2023-22279 was published Jan 17, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the... Critical Unreviewed
CVE-2022-47853 was published Jan 17, 2023
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-46476 was published Jan 20, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-48126 was published Jan 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database