Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
A high privileged remote attacker can influence the parameters passed to the openssl command due... Low Unreviewed
CVE-2025-41721 was published Oct 22, 2025
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
MCPHub's ServerController is vulnerable to Command Injection Low
CVE-2025-11285 was published for @samanhappy/mcphub (npm) Oct 5, 2025
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the... Low Unreviewed
CVE-2025-10767 was published Sep 22, 2025
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps Low
GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025
woodruffw
Credited to woodruffw
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker... Low Unreviewed
CVE-2025-44015 was published Aug 29, 2025
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious... Low Unreviewed
CVE-2025-48979 was published Aug 29, 2025
wong2 mcp-cli Command Injection Vulnerability Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
Successful exploitation of the vulnerability could allow an attacker with administrator... Low Unreviewed
CVE-2025-52687 was published Jul 16, 2025
Ackites KillWxapkg vulnerable to OS Command Injection Low
CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` Low
CVE-2025-46735 was published for github.com/nrkno/terraform-provider-windns (Go) May 6, 2025
polo-sec sjurtf
Foxboron
Credited to polo-sec, sjurtf, and Foxboron
AWorld OS Command Injection vulnerability Low
CVE-2025-4032 was published for aworld (pip) Apr 28, 2025
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all... Low Unreviewed
CVE-2024-9773 was published Mar 27, 2025
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all... Low Unreviewed
CVE-2024-8402 was published Mar 13, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user Low
CVE-2025-27146 was published for matrix-appservice-irc (npm) Feb 25, 2025
funderscore1
Credited to funderscore1
A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux.... Low Unreviewed
CVE-2025-1369 was published Feb 17, 2025
Multiple bash files were present in the application's private directory. Bash files can be used... Low Unreviewed
CVE-2024-54681 was published Jan 17, 2025
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server"... Low Unreviewed
CVE-2024-22122 was published Aug 12, 2024
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
fdiakh
Credited to fdiakh
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection... Low Unreviewed
CVE-2024-34218 was published May 14, 2024
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the... Low Unreviewed
CVE-2024-32314 was published Apr 17, 2024
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-0325 was published Feb 2, 2024
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
MarkAckert
Credited to MarkAckert
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check... Low Unreviewed
CVE-2015-5011 was published May 17, 2022
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a... Low Unreviewed
CVE-2010-2008 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database