Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,085 advisories

Loading
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to... High Unreviewed
CVE-2025-55319 was published Sep 12, 2025
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain sensitive information or... High Unreviewed
CVE-2025-56406 was published Sep 10, 2025
Improper neutralization of special elements used in a command ('command injection') in SQL Server... High Unreviewed
CVE-2025-55227 was published Sep 9, 2025
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization.... High Unreviewed
CVE-2025-9161 was published Sep 9, 2025
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge... High Unreviewed
CVE-2025-7388 was published Sep 4, 2025
A command injection vulnerability has been reported to affect several QNAP operating system... High Unreviewed
CVE-2025-30264 was published Aug 29, 2025
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote... High Unreviewed
CVE-2025-29887 was published Aug 29, 2025
OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface... High Unreviewed
CVE-2025-50989 was published Aug 27, 2025
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command... High Unreviewed
CVE-2025-29523 was published Aug 26, 2025
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command... High Unreviewed
CVE-2025-29516 was published Aug 25, 2025
Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command (... High Unreviewed
CVE-2025-41451 was published Aug 22, 2025
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a... High Unreviewed
CVE-2025-48978 was published Aug 21, 2025
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints... High Unreviewed
CVE-2024-53945 was published Aug 14, 2025
Improper neutralization of special elements used in a command ('command injection') in GitHub... High Unreviewed
CVE-2025-53773 was published Aug 12, 2025
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability High Unreviewed
CVE-2025-53787 was published Aug 7, 2025
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api... High Unreviewed
CVE-2025-7769 was published Aug 6, 2025
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as... High Unreviewed
CVE-2025-8244 was published Jul 28, 2025
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute... High Unreviewed
CVE-2025-29628 was published Jul 25, 2025
Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution ... High Unreviewed
CVE-2023-47356 was published Jul 17, 2025
Successful exploitation of the vulnerability could allow an attacker to execute arbitrary... High Unreviewed
CVE-2025-52690 was published Jul 16, 2025
An authenticated command injection vulnerability exists in the Command line interface of HPE... High Unreviewed
CVE-2025-37102 was published Jul 8, 2025
A vulnerability, which was classified as critical, has been found in Comodo Internet Security... High Unreviewed
CVE-2025-7097 was published Jul 7, 2025
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command... High Unreviewed
CVE-2025-5306 was published Jun 27, 2025
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to... High Unreviewed
CVE-2025-6104 was published Jun 16, 2025
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506.... High Unreviewed
CVE-2025-6102 was published Jun 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database