Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,889 advisories

Loading
A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC... Moderate Unreviewed
CVE-2025-10359 was published Sep 13, 2025
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the... Moderate Unreviewed
CVE-2025-10358 was published Sep 13, 2025
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by... Moderate Unreviewed
CVE-2025-10328 was published Sep 13, 2025
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this... Moderate Unreviewed
CVE-2025-10327 was published Sep 12, 2025
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an... Moderate Unreviewed
CVE-2025-10326 was published Sep 12, 2025
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application.... Critical Unreviewed
CVE-2025-10364 was published Sep 12, 2025
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an... Moderate Unreviewed
CVE-2025-27233 was published Sep 12, 2025
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to... High Unreviewed
CVE-2025-55319 was published Sep 12, 2025
An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to... Moderate Unreviewed
CVE-2025-55372 was published Sep 11, 2025
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain sensitive information or... High Unreviewed
CVE-2025-56406 was published Sep 10, 2025
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated... Critical Unreviewed
CVE-2025-57633 was published Sep 9, 2025
Improper neutralization of special elements used in a command ('command injection') in SQL Server... High Unreviewed
CVE-2025-55227 was published Sep 9, 2025
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization.... High Unreviewed
CVE-2025-9161 was published Sep 9, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
CodeceptJS's incomprehensive sanitation can lead to Command Injection Critical
CVE-2025-57285 was published for codeceptjs (npm) Sep 8, 2025
ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write... Moderate Unreviewed
CVE-2025-55824 was published Sep 5, 2025
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function... Moderate Unreviewed
CVE-2025-9752 was published Sep 4, 2025
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge... High Unreviewed
CVE-2025-7388 was published Sep 4, 2025
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps Low
GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025
woodruffw
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
0xRoyR
Command Injection via sonarqube-scan-action GitHub Action High
CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025
Torbjorn-Svensson
Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to... Moderate Unreviewed
CVE-2024-48705 was published Sep 2, 2025
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-50755 was published Sep 2, 2025
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the... Moderate Unreviewed
CVE-2025-50757 was published Sep 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database