Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,981 advisories

Loading
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution ... High Unreviewed
CVE-2025-60801 was published Oct 24, 2025
Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows... High Unreviewed
CVE-2024-41153 was published Oct 29, 2024
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the... Critical Unreviewed
CVE-2025-58428 was published Oct 23, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact... Moderate Unreviewed
CVE-2025-54964 was published Oct 23, 2025
Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code... Moderate Unreviewed
CVE-2025-57521 was published Oct 21, 2025
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Remote code execution (RCE) in Apache Airflow High
CVE-2020-11978 was published for apache-airflow (pip) Jul 27, 2020
sunSUNQ
Credited to sunSUNQ
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated... High Unreviewed
CVE-2025-4231 was published Jun 13, 2025
A high privileged remote attacker can influence the parameters passed to the openssl command due... Low Unreviewed
CVE-2025-41721 was published Oct 22, 2025
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote... High Unreviewed
CVE-2015-2051 was published May 17, 2022
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script ... High Unreviewed
CVE-2012-1823 was published May 14, 2022
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim... Moderate Unreviewed
CVE-2010-4345 was published May 13, 2022
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1... High Unreviewed
CVE-2007-3010 was published May 1, 2022
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary... High Unreviewed
CVE-2005-2773 was published May 1, 2022
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail... Moderate Unreviewed
CVE-2025-59689 was published Sep 19, 2025
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor... Critical Unreviewed
CVE-2025-10035 was published Sep 19, 2025
The Meteobridge web interface let meteobridge administrator manage their weather station data... Critical Unreviewed
CVE-2025-4008 was published May 21, 2025
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1... Moderate Unreviewed
CVE-2024-12987 was published Dec 27, 2024
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2... High Unreviewed
CVE-2024-9380 was published Oct 8, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS... Critical Unreviewed
CVE-2024-3400 was published Apr 12, 2024
A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS... High Unreviewed
CVE-2024-3273 was published Apr 4, 2024
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection... High Unreviewed
CVE-2023-39780 was published Sep 11, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway ... Critical Unreviewed
CVE-2023-2868 was published Jul 6, 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with... Critical Unreviewed
CVE-2023-20887 was published Jun 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database