GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,290 advisories
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s...
Critical · Unreviewed · CVE-2025-48047 was published May 29, 2025
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that...
Critical · Unreviewed · CVE-2025-5277 was published May 28, 2025
On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump...
High · Unreviewed · CVE-2023-34873 was published May 23, 2025
eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution...
High · Unreviewed · CVE-2025-3882 was published May 22, 2025
eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This...
High · Unreviewed · CVE-2025-3883 was published May 22, 2025
eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability....
High · Unreviewed · CVE-2025-3881 was published May 22, 2025
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt...
Moderate · Unreviewed · CVE-2025-27804 was published May 21, 2025
AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
Moderate · Unreviewed · CVE-2024-42922 was published May 21, 2025
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0...
Critical · Unreviewed · CVE-2025-44880 was published May 20, 2025
A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1...
Critical · Unreviewed · CVE-2025-44882 was published May 20, 2025
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor...
High · Unreviewed · CVE-2025-41225 was published May 20, 2025
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
Critical · Unreviewed · CVE-2025-32002 was published May 15, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper...
Critical · Unreviewed · CVE-2025-43562 was published May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability...
Critical · Unreviewed · CVE-2025-45858 was published May 13, 2025
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with...
High · Unreviewed · CVE-2025-40582 was published May 13, 2025
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0)...
Critical · Unreviewed · CVE-2025-26389 was published May 13, 2025
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can...
High · Unreviewed · CVE-2025-32821 was published May 7, 2025
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname...
Moderate · Unreviewed · CVE-2025-47203 was published May 7, 2025
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could...
Moderate · Unreviewed · CVE-2025-20213 was published May 7, 2025
A vulnerability in the web-based management interface of the Wireless LAN Controller feature of...
High · Unreviewed · CVE-2025-20186 was published May 7, 2025
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an...
Moderate · Unreviewed · CVE-2025-20193 was published May 7, 2025
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an...
Moderate · Unreviewed · CVE-2025-20194 was published May 7, 2025
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the...
Critical · Unreviewed · CVE-2025-45491 was published May 6, 2025
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet...
Critical · Unreviewed · CVE-2025-45042 was published May 5, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical · Unreviewed · CVE-2025-2605 was published May 2, 2025