GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,574 advisories
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Critical | CVE-2025-43858 was published for YoutubeDLSharp (NuGet) | Apr 23, 2025

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via...
Moderate | Unreviewed | CVE-2025-28017 was published | Apr 23, 2025

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
Moderate | Unreviewed | CVE-2025-29743 was published | Apr 22, 2025

Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input...
High | Unreviewed | CVE-2025-43948 was published | Apr 22, 2025

Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute...
High | Unreviewed | CVE-2024-40445 was published | Apr 22, 2025

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the...
Critical | Unreviewed | CVE-2025-29209 was published | Apr 21, 2025

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability...
Moderate | Unreviewed | CVE-2025-3816 was published | Apr 19, 2025

74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
Moderate | Unreviewed | CVE-2024-46089 was published | Apr 18, 2025

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
High | Unreviewed | CVE-2025-43012 was published | Apr 17, 2025

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based...
Moderate | Unreviewed | CVE-2025-3729 was published | Apr 16, 2025

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload...
Moderate | Unreviewed | CVE-2024-40070 was published | Apr 16, 2025

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part...
High | Unreviewed | CVE-2024-36842 was published | Apr 15, 2025

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28142 was published | Apr 15, 2025

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28143 was published | Apr 15, 2025

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28145 was published | Apr 15, 2025

SurrealDB server-takeover via SurrealQL injection on backup import
Critical | GHSA-ccj3-5p93-8p42 was published for surrealdb (Rust) | Apr 11, 2025

Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller...
High | Unreviewed | CVE-2025-27083 was published | Apr 8, 2025

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2025-29063 was published | Apr 2, 2025

An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1...
Critical | Unreviewed | CVE-2025-29062 was published | Apr 2, 2025

A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot...
Moderate | Unreviewed | CVE-2025-26056 was published | Apr 1, 2025

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to...
Critical | Unreviewed | CVE-2024-54802 was published | Mar 31, 2025

A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to...
Moderate | Unreviewed | CVE-2025-3002 was published | Mar 31, 2025

A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows...
Critical | Unreviewed | CVE-2025-22941 was published | Mar 31, 2025

A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows...
Critical | Unreviewed | CVE-2025-22939 was published | Mar 31, 2025

A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected...
Moderate | Unreviewed | CVE-2025-2983 was published | Mar 31, 2025