GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,120 advisories
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via...
Critical | Unreviewed | CVE-2023-48842 was published Dec 1, 2023

Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical | CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024

An authenticated user can perform command injection via unsanitized input to the NetFax Server’s...
Critical | Unreviewed | CVE-2025-48047 was published May 29, 2025

Netwrix Password Secure 9.2.0.32454 allows OS command injection.
Critical | Unreviewed | CVE-2025-26817 was published Apr 3, 2025

aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that...
Critical | Unreviewed | CVE-2025-5277 was published May 28, 2025

Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Critical | GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the...
Critical | Unreviewed | CVE-2022-40475 was published Sep 30, 2022

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1...
Critical | Unreviewed | CVE-2025-44882 was published May 20, 2025

A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0...
Critical | Unreviewed | CVE-2025-44880 was published May 20, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical | Unreviewed | CVE-2025-2605 was published May 2, 2025

Apache Kylin vulnerable to remote code execution
Critical | CVE-2022-24697 was published for org.apache.kylin:kylin-core-common (Maven) Jul 6, 2023

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
Critical | Unreviewed | CVE-2025-32002 was published May 15, 2025

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2025-45858 was published May 13, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper...
Critical | Unreviewed | CVE-2025-43562 was published May 13, 2025

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2025-45491 was published May 6, 2025

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)...
Critical | Unreviewed | CVE-2025-26389 was published May 13, 2025

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell...
Critical | Unreviewed | CVE-2016-20016 was published Oct 19, 2022

D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via...
Critical | Unreviewed | CVE-2022-43184 was published Oct 19, 2022

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet...
Critical | Unreviewed | CVE-2025-45042 was published May 5, 2025

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality....
Critical | Unreviewed | CVE-2024-6047 was published Jun 17, 2024

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote...
Critical | Unreviewed | CVE-2024-11120 was published Nov 15, 2024

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise...
Critical | Unreviewed | CVE-2022-37915 was published Oct 28, 2022

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
Critical | Unreviewed | CVE-2022-2068 was published Jun 22, 2022

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection....
Critical | Unreviewed | CVE-2022-1292 was published May 4, 2022

There is a command injection vulnerability that could lead to unauthenticated remote code...
Critical | Unreviewed | CVE-2022-37897 was published Dec 12, 2022

ProTip! Advisories are also available from the GraphQL API