GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,369
Composer 4,373
Erlang 33
GitHub Actions 22
Go 2,135
Maven 5,313
npm 3,797
NuGet 687
pip 3,478
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,413

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

866 advisories

Filter by severity

Sort by

Least recently updated

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection... Critical Unreviewed

CVE-2022-28495 was published Mar 24, 2023

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an... Critical Unreviewed

CVE-2025-1265 was published Feb 20, 2025

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This... Critical Unreviewed

CVE-2024-7591 was published Sep 5, 2024

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... Critical Unreviewed

CVE-2021-46686 was published Feb 18, 2025

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote... Critical Unreviewed

CVE-2025-25067 was published Feb 14, 2025

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote... Critical Unreviewed

CVE-2024-47908 was published Feb 11, 2025

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos... Critical Unreviewed

CVE-2023-6318 was published Apr 9, 2024

A command injection vulnerability exists in the getAudioMetadata method from the com.webos... Critical Unreviewed

CVE-2023-6319 was published Apr 9, 2024

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv... Critical Unreviewed

CVE-2023-6320 was published Apr 9, 2024

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection... Critical Unreviewed

CVE-2024-2389 was published Apr 2, 2024

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed

CVE-2020-25506 was published May 24, 2022

A command injection vulnerability in the web server of some Hikvision product. Due to the... Critical Unreviewed

CVE-2021-36260 was published May 24, 2022

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG... Critical Unreviewed

CVE-2019-3929 was published May 24, 2022

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed

CVE-2023-6260 was published Feb 20, 2024

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker... Critical Unreviewed

CVE-2024-51450 was published Feb 6, 2025

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed

CVE-2021-27561 was published May 24, 2022

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that... Critical Unreviewed

CVE-2021-35394 was published May 24, 2022

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a... Critical Unreviewed

CVE-2024-0740 was published Apr 26, 2024

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone... Critical Unreviewed

CVE-2024-53584 was published Jan 31, 2025

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request... Critical Unreviewed

CVE-2021-27104 was published May 24, 2022

Affected products contain a vulnerability in the device cloud rpc command handling process that... Critical Unreviewed

CVE-2025-0680 was published Jan 30, 2025

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command... Critical Unreviewed

CVE-2023-29944 was published May 8, 2023

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L... Critical Unreviewed

CVE-2021-45382 was published Feb 18, 2022

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version... Critical Unreviewed

CVE-2025-20014 was published Jan 29, 2025

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email... Critical Unreviewed

CVE-2025-20061 was published Jan 29, 2025

Previous 1 2 3 4 5 … 34 35 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

866 advisories