Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

431 advisories

Loading
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by... Moderate Unreviewed
CVE-2025-5573 was published Jun 4, 2025
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected... Moderate Unreviewed
CVE-2025-5621 was published Jun 5, 2025
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This... Moderate Unreviewed
CVE-2025-5525 was published Jun 3, 2025
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05.... Moderate Unreviewed
CVE-2025-5620 was published Jun 5, 2025
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools... Moderate Unreviewed
CVE-2020-27298 was published May 24, 2022
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
The Backup Plus extension for TYPO3 (ns_backup) allows command injections Moderate
CVE-2025-48204 was published for nitsan/ns-backup (Composer) May 21, 2025
AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Moderate Unreviewed
CVE-2024-42922 was published May 21, 2025
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt... Moderate Unreviewed
CVE-2025-27804 was published May 21, 2025
A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126... Moderate Unreviewed
CVE-2025-2717 was published Mar 25, 2025
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname... Moderate Unreviewed
CVE-2025-47203 was published May 7, 2025
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a... Moderate Unreviewed
CVE-2023-5677 was published Feb 5, 2024
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could... Moderate Unreviewed
CVE-2025-20213 was published May 7, 2025
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an... Moderate Unreviewed
CVE-2025-20193 was published May 7, 2025
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an... Moderate Unreviewed
CVE-2025-20194 was published May 7, 2025
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System... Moderate Unreviewed
CVE-2022-42055 was published Oct 27, 2022
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability... Moderate Unreviewed
CVE-2022-35642 was published Nov 4, 2022
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based... Moderate Unreviewed
CVE-2025-3729 was published Apr 16, 2025
SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated... Moderate Unreviewed
CVE-2022-41871 was published Apr 28, 2025
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute... Moderate Unreviewed
CVE-2025-43920 was published Apr 20, 2025
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via... Moderate Unreviewed
CVE-2016-7844 was published May 17, 2022
Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1... Moderate Unreviewed
CVE-2022-43466 was published Dec 19, 2022
Improper neutralization of special elements in the SMA100 management interface allows a remote... Moderate Unreviewed
CVE-2021-20035 was published May 24, 2022
Drupal AI Vulnerable to OS Command Injection Moderate
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025
An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module,... Moderate Unreviewed
CVE-2025-26055 was published Apr 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database