Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

947 advisories

Loading
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2023-48842 was published Dec 1, 2023
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s... Critical Unreviewed
CVE-2025-48047 was published May 29, 2025
Netwrix Password Secure 9.2.0.32454 allows OS command injection. Critical Unreviewed
CVE-2025-26817 was published Apr 3, 2025
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that... Critical Unreviewed
CVE-2025-5277 was published May 28, 2025
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the... Critical Unreviewed
CVE-2022-40475 was published Sep 30, 2022
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1... Critical Unreviewed
CVE-2025-44882 was published May 20, 2025
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0... Critical Unreviewed
CVE-2025-44880 was published May 20, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2025-2605 was published May 2, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2025-32002 was published May 15, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-45858 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper... Critical Unreviewed
CVE-2025-43562 was published May 13, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the... Critical Unreviewed
CVE-2025-45491 was published May 6, 2025
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)... Critical Unreviewed
CVE-2025-26389 was published May 13, 2025
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell... Critical Unreviewed
CVE-2016-20016 was published Oct 19, 2022
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2022-43184 was published Oct 19, 2022
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet... Critical Unreviewed
CVE-2025-45042 was published May 5, 2025
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality.... Critical Unreviewed
CVE-2024-6047 was published Jun 17, 2024
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote... Critical Unreviewed
CVE-2024-11120 was published Nov 15, 2024
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise... Critical Unreviewed
CVE-2022-37915 was published Oct 28, 2022
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further... Critical Unreviewed
CVE-2022-2068 was published Jun 22, 2022
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.... Critical Unreviewed
CVE-2022-1292 was published May 4, 2022
There is a command injection vulnerability that could lead to unauthenticated remote code... Critical Unreviewed
CVE-2022-37897 was published Dec 12, 2022
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection... Critical Unreviewed
CVE-2022-44844 was published Nov 25, 2022
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. Critical Unreviewed
CVE-2022-44201 was published Nov 22, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter... Critical Unreviewed
CVE-2022-44252 was published Nov 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database