Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,906 advisories

Loading
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in... High Unreviewed
CVE-2014-0773 was published May 17, 2022
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail... Moderate Unreviewed
CVE-2025-59689 was published Sep 19, 2025
FitNesse allows execution of arbitrary OS commands Critical
CVE-2024-28125 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe... High Unreviewed
CVE-2025-57293 was published Sep 18, 2025
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor... Critical Unreviewed
CVE-2025-10035 was published Sep 19, 2025
An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the... Moderate Unreviewed
CVE-2025-55911 was published Sep 18, 2025
@sequa-ai/sequa-mcp has Command Injection vulnerability Low
CVE-2025-10619 was published for @sequa-ai/sequa-mcp (npm) Sep 17, 2025
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins... High Unreviewed
CVE-2023-49565 was published Sep 18, 2025
Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie... Moderate Unreviewed
CVE-2025-50891 was published Aug 19, 2025
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. High Unreviewed
CVE-2024-6333 was published Oct 17, 2024
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61,... High Unreviewed
CVE-2025-59458 was published Sep 17, 2025
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability... High Unreviewed
CVE-2025-56706 was published Sep 16, 2025
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command... High Unreviewed
CVE-2024-12992 was published Mar 17, 2025
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command... High Unreviewed
CVE-2024-12971 was published Mar 17, 2025
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain sensitive information or... High Unreviewed
CVE-2025-56406 was published Sep 10, 2025
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command... High Unreviewed
CVE-2025-5306 was published Jun 27, 2025
A vulnerability was found in wangzhixuan spring-shiro-training up to... Moderate Unreviewed
CVE-2025-8752 was published Aug 9, 2025
mcp-kubernetes-server has a Command Injection vulnerability Low
CVE-2025-59376 was published for mcp-kubernetes-server (pip) Sep 15, 2025
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the... Moderate Unreviewed
CVE-2025-9174 was published Aug 20, 2025
A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41.... High Unreviewed
CVE-2025-7883 was published Jul 20, 2025
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in... Critical Unreviewed
CVE-2025-52053 was published Sep 15, 2025
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in... Critical Unreviewed
CVE-2025-52046 was published Jul 17, 2025
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in... Moderate Unreviewed
CVE-2025-52284 was published Jul 29, 2025
A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function... Moderate Unreviewed
CVE-2025-10442 was published Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database