Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,731
Erlang
35
GitHub Actions
29
Go
2,308
Maven
5,000+
npm
3,949
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,119 advisories

Loading
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s... Critical Unreviewed
CVE-2025-48047 was published May 29, 2025
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that... Critical Unreviewed
CVE-2025-5277 was published May 28, 2025
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` Critical
GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025
darryk10 loresuso
AlbertoPellitteri
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0... Critical Unreviewed
CVE-2025-44880 was published May 20, 2025
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1... Critical Unreviewed
CVE-2025-44882 was published May 20, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2025-32002 was published May 15, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper... Critical Unreviewed
CVE-2025-43562 was published May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-45858 was published May 13, 2025
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)... Critical Unreviewed
CVE-2025-26389 was published May 13, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-45491 was published May 6, 2025
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet... Critical Unreviewed
CVE-2025-45042 was published May 5, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2025-2605 was published May 2, 2025
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated... Critical Unreviewed
CVE-2025-46271 was published Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an... Critical Unreviewed
CVE-2025-46272 was published Apr 25, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments Critical
CVE-2025-43858 was published for YoutubeDLSharp (NuGet) Apr 23, 2025
kitsumed alxnull
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28035 was published Apr 22, 2025
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28038 was published Apr 22, 2025
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28039 was published Apr 22, 2025
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution... Critical Unreviewed
CVE-2025-28036 was published Apr 22, 2025
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a... Critical Unreviewed
CVE-2025-28037 was published Apr 22, 2025
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu... Critical Unreviewed
CVE-2025-28034 was published Apr 22, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-29043 was published Apr 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-29042 was published Apr 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-29040 was published Apr 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-29041 was published Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database