WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,155 advisories

Loading
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in... High Unreviewed
CVE-2025-66644 was published Dec 5, 2025
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2020-36877 was published Dec 5, 2025
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows... Moderate Unreviewed
CVE-2025-66572 was published Dec 4, 2025
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the... High Unreviewed
CVE-2025-66576 was published Dec 4, 2025
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local... High Unreviewed
CVE-2024-58278 was published Dec 4, 2025
ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the... Moderate Unreviewed
CVE-2025-29269 was published Dec 4, 2025
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8... Critical Unreviewed
CVE-2025-34319 was published Dec 3, 2025
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up... High Unreviewed
CVE-2025-12744 was published Dec 3, 2025
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2... High Unreviewed
CVE-2025-11787 was published Dec 2, 2025
MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL Critical
CVE-2025-66401 was published for mcp-watch (npm) Dec 2, 2025
viralvaghela
Credited to viralvaghela
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by... Critical Unreviewed
CVE-2025-35028 was published Dec 1, 2025
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool... Critical Unreviewed
CVE-2025-8890 was published Nov 27, 2025
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the... High Unreviewed
CVE-2025-65202 was published Nov 26, 2025
Improper neutralization of special elements used in an OS command ('command injection') in Cursor... Critical Unreviewed
CVE-2025-62354 was published Nov 26, 2025
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied... Critical Unreviewed
CVE-2025-64127 was published Nov 26, 2025
An OS command injection vulnerability exists due to incomplete validation of user-supplied input... Critical Unreviewed
CVE-2025-64128 was published Nov 26, 2025
An OS command injection vulnerability exists due to improper input validation. The application... Critical Unreviewed
CVE-2025-64126 was published Nov 26, 2025
Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66261 was published Nov 26, 2025
Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p... Critical Unreviewed
CVE-2025-66253 was published Nov 26, 2025
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer High
CVE-2025-62703 was published for fugue (pip) Nov 25, 2025
Chenpinji
Credited to Chenpinji
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker... High Unreviewed
CVE-2025-59370 was published Nov 25, 2025
A Looker user with a Developer role could cause Looker to execute a malicious command, due to... High Unreviewed
CVE-2025-12742 was published Nov 25, 2025
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR... Critical Unreviewed
CVE-2018-25126 was published Nov 24, 2025
@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes High
CVE-2025-64755 was published for @anthropic-ai/claude-code (npm) Nov 20, 2025
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 -... High Unreviewed
CVE-2025-60738 was published Nov 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database