Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,164
Maven
5,000+
npm
3,821
NuGet
696
pip
3,503
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

869 advisories

Loading
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"... Critical Unreviewed
CVE-2024-37391 was published Jul 22, 2024
There is a command injection vulnerability in the underlying deauthentication service that could... Critical Unreviewed
CVE-2024-31473 was published May 15, 2024
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections... Critical Unreviewed
CVE-2023-27985 was published Mar 9, 2023
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted... Critical Unreviewed
CVE-2025-1316 was published Mar 5, 2025
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate... Critical Unreviewed
CVE-2023-25279 was published Mar 13, 2023
OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to... Critical Unreviewed
CVE-2023-24762 was published Mar 13, 2023
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers... Critical Unreviewed
CVE-2023-28617 was published Mar 19, 2023
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-27364 was published Feb 24, 2025
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection... Critical Unreviewed
CVE-2022-28495 was published Mar 24, 2023
An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an... Critical Unreviewed
CVE-2025-1265 was published Feb 20, 2025
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This... Critical Unreviewed
CVE-2024-7591 was published Sep 5, 2024
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed
CVE-2021-46686 was published Feb 18, 2025
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote... Critical Unreviewed
CVE-2025-25067 was published Feb 14, 2025
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote... Critical Unreviewed
CVE-2024-47908 was published Feb 11, 2025
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos... Critical Unreviewed
CVE-2023-6318 was published Apr 9, 2024
A command injection vulnerability exists in the getAudioMetadata method from the com.webos... Critical Unreviewed
CVE-2023-6319 was published Apr 9, 2024
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv... Critical Unreviewed
CVE-2023-6320 was published Apr 9, 2024
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection... Critical Unreviewed
CVE-2024-2389 was published Apr 2, 2024
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed
CVE-2020-25506 was published May 24, 2022
A command injection vulnerability in the web server of some Hikvision product. Due to the... Critical Unreviewed
CVE-2021-36260 was published May 24, 2022
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG... Critical Unreviewed
CVE-2019-3929 was published May 24, 2022
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-6260 was published Feb 20, 2024
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker... Critical Unreviewed
CVE-2024-51450 was published Feb 6, 2025
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed
CVE-2021-27561 was published May 24, 2022
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed
CVE-2021-35394 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database