GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,120 advisories
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300...
Critical
Unreviewed
CVE-2020-6627
was published
Dec 6, 2022
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2022-45506
was published
Dec 8, 2022
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package...
Critical
Unreviewed
CVE-2022-45145
was published
Dec 10, 2022
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu...
Critical
Unreviewed
CVE-2025-28034
was published
Apr 22, 2025
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution...
Critical
Unreviewed
CVE-2025-28036
was published
Apr 22, 2025
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a...
Critical
Unreviewed
CVE-2022-45025
was published
Dec 7, 2022
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a...
Critical
Unreviewed
CVE-2025-28037
was published
Apr 22, 2025
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2022-44930
was published
Dec 2, 2022
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2022-44928
was published
Dec 2, 2022
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Critical
CVE-2025-43858
was published
for
YoutubeDLSharp
(NuGet)
Apr 23, 2025
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated...
Critical
Unreviewed
CVE-2025-46271
was published
Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an...
Critical
Unreviewed
CVE-2025-46272
was published
Apr 25, 2025
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version...
Critical
Unreviewed
CVE-2022-44808
was published
Nov 22, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in...
Critical
Unreviewed
CVE-2022-44251
was published
Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter...
Critical
Unreviewed
CVE-2022-44250
was published
Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter...
Critical
Unreviewed
CVE-2022-44249
was published
Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter...
Critical
Unreviewed
CVE-2022-44252
was published
Nov 23, 2022
D-Link DIR823G 1.02B05 is vulnerable to Command Injection.
Critical
Unreviewed
CVE-2022-44201
was published
Nov 22, 2022
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-44844
was published
Nov 25, 2022
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
Critical
CVE-2024-9053
was published
for
vllm
(pip)
Mar 20, 2025
There is a command injection vulnerability that could lead to unauthenticated remote code...
Critical
Unreviewed
CVE-2022-37897
was published
Dec 12, 2022
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection....
Critical
Unreviewed
CVE-2022-1292
was published
May 4, 2022
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
Critical
Unreviewed
CVE-2022-2068
was published
Jun 22, 2022
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise...
Critical
Unreviewed
CVE-2022-37915
was published
Oct 28, 2022
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote...
Critical
Unreviewed
CVE-2024-11120
was published
Nov 15, 2024