GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories
Command Injection in ascii-art
Low. GHSA-9hqj-38j2-5jgm was published for ascii-art (npm) on Sep 1, 2020.
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low. GHSA-jcgr-9698-82jx was published for @floffah/build (npm) on May 28, 2021.
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check...
Low (Unreviewed). CVE-2015-5011 was published on May 17, 2022.
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a...
Low (Unreviewed). CVE-2010-2008 was published on May 13, 2022.
Environment Variable Injection in GitHub Actions
Low. CVE-2020-15228 was published for @actions/core (npm) on Oct 1, 2020.
Command injection in @diez/generation
Low. CVE-2021-32830 was published for @diez/generation (npm) on Sep 2, 2021.
Withdrawn: Arbitrary code execution in lodash
Low (Unreviewed). CVE-2021-41720 was published for lodash (npm) on Dec 3, 2021.
Imperative CLI vulnerable to Command Injection
Low. CVE-2021-4326 was published for @zowe/imperative (npm) on Mar 1, 2023.
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by...
Low (Unreviewed). CVE-2024-0325 was published on Feb 2, 2024.
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the...
Low (Unreviewed). CVE-2024-32314 was published on Apr 17, 2024.
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection...
Low (Unreviewed). CVE-2024-34218 was published on May 14, 2024.
sshproxy vulnerable to SSH option injection
Low. CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) on May 14, 2024.
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server"...
Low (Unreviewed). CVE-2024-22122 was published on Aug 12, 2024.
Multiple bash files were present in the application's private directory. Bash files can be used...
Low (Unreviewed). CVE-2024-54681 was published on Jan 17, 2025.
A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux....
Low (Unreviewed). CVE-2025-1369 was published on Feb 17, 2025.
Matrix IRC Bridge allows IRC command injection to own puppeted user
Low. CVE-2025-27146 was published for matrix-appservice-irc (npm) on Feb 25, 2025.
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all...
Low (Unreviewed). CVE-2024-8402 was published on Mar 13, 2025.
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all...
Low (Unreviewed). CVE-2024-9773 was published on Mar 27, 2025.
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Low. CVE-2025-46735 was published for github.com/nrkno/terraform-provider-windns (Go) on May 6, 2025.
AWorld OS Command Injection vulnerability
Low. CVE-2025-4032 was published for aworld (pip) on Apr 28, 2025.
Ackites KillWxapkg vulnerable to OS Command Injection
Low. CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) on May 21, 2025.
Successful exploitation of the vulnerability could allow an attacker with administrator...
Low (Unreviewed). CVE-2025-52687 was published on Jul 16, 2025.
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious...
Low (Unreviewed). CVE-2025-48979 was published on Aug 29, 2025.
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker...
Low (Unreviewed). CVE-2025-44015 was published on Aug 29, 2025.
ProTip! Advisories are also available from the GraphQL API.