Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,072 advisories

Loading
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the... Critical Unreviewed
CVE-2025-58428 was published Oct 23, 2025
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow Critical
CVE-2025-54469 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command... Critical Unreviewed
CVE-2025-10020 was published Oct 21, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59741 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59738 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59736 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59735 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59740 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59739 was published Oct 2, 2025
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability... Critical Unreviewed
CVE-2025-59737 was published Oct 2, 2025
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-61044 was published Oct 1, 2025
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-61045 was published Oct 1, 2025
check-branches is vulnerable to command Injection Critical
CVE-2025-11148 was published for check-branches (npm) Sep 30, 2025
lirantal
Credited to lirantal
This vulnerability allows attackers to execute arbitrary commands on the underlying system.... Critical Unreviewed
CVE-2025-59817 was published Sep 25, 2025
This vulnerability allows malicious actors to execute arbitrary commands on the underlying system... Critical Unreviewed
CVE-2025-59815 was published Sep 25, 2025
Command Injection in adb-mcp MCP Server Critical
CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025
lirantal
Credited to lirantal
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor... Critical Unreviewed
CVE-2025-10035 was published Sep 19, 2025
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in... Critical Unreviewed
CVE-2025-52053 was published Sep 15, 2025
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application.... Critical Unreviewed
CVE-2025-10364 was published Sep 12, 2025
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
Credited to lirantal
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated... Critical Unreviewed
CVE-2025-57633 was published Sep 9, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
Credited to lirantal
CodeceptJS's incomprehensive sanitation can lead to Command Injection Critical
CVE-2025-57285 was published for codeceptjs (npm) Sep 8, 2025
mhassan1
Credited to mhassan1
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the... Critical Unreviewed
CVE-2025-50428 was published Aug 27, 2025
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-50722 was published Aug 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database