Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,885
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,209
NuGet
744
pip
3,987
Pub
12
RubyGems
950
Rust
1,035
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,232 advisories

Loading
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet... High Unreviewed
CVE-2025-54405 was published Oct 7, 2025
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500... High Unreviewed
CVE-2025-54403 was published Oct 7, 2025
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500... High Unreviewed
CVE-2025-54404 was published Oct 7, 2025
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet... High Unreviewed
CVE-2025-54406 was published Oct 7, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F... High Unreviewed
CVE-2025-60959 was published Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F... High Unreviewed
CVE-2025-60963 was published Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F... High Unreviewed
CVE-2025-60962 was published Oct 6, 2025
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F... High Unreviewed
CVE-2025-60960 was published Oct 6, 2025
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11... High Unreviewed
CVE-2025-36354 was published Oct 6, 2025
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to... High Unreviewed
CVE-2025-36245 was published Sep 30, 2025
Argument injection vulnerability in SonarQube Scan Action High
CVE-2025-59844 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 26, 2025
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2... High Unreviewed
CVE-2025-35027 was published Sep 26, 2025
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the... High Unreviewed
CVE-2025-60017 was published Sep 26, 2025
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the... High Unreviewed
CVE-2025-34227 was published Sep 25, 2025
Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can... High Unreviewed
CVE-2025-27262 was published Sep 25, 2025
An OS command injection vulnerability has been discovered in the Vitogate 300, which can be... High Unreviewed
CVE-2025-9494 was published Sep 23, 2025
`git-comiters` Command Injection vulnerability High
CVE-2025-59831 was published for git-commiters (npm) Sep 22, 2025
lirantal
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... High Unreviewed
CVE-2025-58116 was published Sep 17, 2025
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can... High Unreviewed
CVE-2025-59518 was published Sep 17, 2025
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection... High Unreviewed
CVE-2025-10589 was published Sep 17, 2025
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line... High Unreviewed
CVE-2025-37126 was published Sep 17, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an... High Unreviewed
CVE-2025-27234 was published Sep 12, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
cai0duque
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper... High Unreviewed
CVE-2025-43884 was published Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database