GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,824
Maven: 5,000+
npm: 4,451
NuGet: 774
pip: 4,218
Pub: 12
RubyGems: 970
Rust: 1,090
Swift: 47
Unreviewed advisories
All unreviewed: 5,000+
4,290 advisories
Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via...
Critical | Unreviewed | CVE-2025-62193 was published Jan 15, 2026
NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command...
High | Unreviewed | CVE-2025-33206 was published Jan 14, 2026
The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command...
Moderate | Unreviewed | CVE-2026-22718 was published Jan 14, 2026
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2023-54339 was published Jan 14, 2026
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data...
High | Unreviewed | CVE-2022-50909 was published Jan 14, 2026
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help...
Critical | Unreviewed | CVE-2022-50919 was published Jan 14, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of...
High | Unreviewed | CVE-2026-21267 was published Jan 13, 2026
Authenticated command injection vulnerabilities exist in the web-based management interface of...
High | Unreviewed | CVE-2025-37170 was published Jan 13, 2026
Authenticated command injection vulnerabilities exist in the web-based management interface of...
High | Unreviewed | CVE-2025-37172 was published Jan 13, 2026
Authenticated command injection vulnerabilities exist in the web-based management interface of...
High | Unreviewed | CVE-2025-37171 was published Jan 13, 2026
Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`
Moderate | GHSA-pfq2-hh62-7m96 was published for renovate (npm) Jan 13, 2026
An improper neutralization of special elements used in an os command ('os command injection')...
Critical | Unreviewed | CVE-2025-64155 was published Jan 13, 2026
Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver...
High | Unreviewed | CVE-2026-0507 was published Jan 13, 2026
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability,...
High | Unreviewed | CVE-2026-0855 was published Jan 12, 2026
Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability,...
High | Unreviewed | CVE-2026-0854 was published Jan 12, 2026
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2025-69269 was published Jan 12, 2026
Processing specially crafted workspace folder names could allow for arbitrary command injection...
High | Unreviewed | CVE-2026-0830 was published Jan 9, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
Moderate | Unreviewed | CVE-2025-46645 was published Jan 9, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
Moderate | Unreviewed | CVE-2025-46644 was published Jan 9, 2026
Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter ...
High | Unreviewed | CVE-2025-66052 was published Jan 9, 2026
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration...
High | Unreviewed | CVE-2025-64091 was published Jan 9, 2026
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in...
High | Unreviewed | CVE-2019-25289 was published Jan 8, 2026
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command...
High | Unreviewed | CVE-2017-20215 was published Jan 8, 2026
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote...
Critical | Unreviewed | CVE-2017-20216 was published Jan 8, 2026
pnpm vulnerable to Command Injection via environment variable substitution
High | CVE-2025-69262 was published for pnpm (npm) Jan 7, 2026
ProTip! Advisories are also available from the GraphQL API