GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
918 advisories

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the...
Critical | Unreviewed | CVE-2025-60854 was published Dec 2, 2025

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their...
Critical | Unreviewed | CVE-2025-11921 was published Nov 24, 2025

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the...
Critical | Unreviewed | CVE-2025-58428 was published Oct 23, 2025

Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to authenticated command...
Critical | Unreviewed | CVE-2025-10020 was published Oct 21, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59738 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59736 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59741 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59735 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59737 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59739 was published Oct 2, 2025

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability...
Critical | Unreviewed | CVE-2025-59740 was published Oct 2, 2025

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2025-61045 was published Oct 1, 2025

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2025-61044 was published Oct 1, 2025

This vulnerability allows attackers to execute arbitrary commands on the underlying system....
Critical | Unreviewed | CVE-2025-59817 was published Sep 25, 2025

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system...
Critical | Unreviewed | CVE-2025-59815 was published Sep 25, 2025

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor...
Critical | Unreviewed | CVE-2025-10035 was published Sep 19, 2025

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in...
Critical | Unreviewed | CVE-2025-52053 was published Sep 15, 2025

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application....
Critical | Unreviewed | CVE-2025-10364 was published Sep 12, 2025

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated...
Critical | Unreviewed | CVE-2025-57633 was published Sep 9, 2025

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the...
Critical | Unreviewed | CVE-2025-50428 was published Aug 27, 2025

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute...
Critical | Unreviewed | CVE-2025-50722 was published Aug 26, 2025

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute...
Critical | Unreviewed | CVE-2025-57105 was published Aug 22, 2025

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a...
Critical | Unreviewed | CVE-2025-24285 was published Aug 21, 2025

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability...
Critical | Unreviewed | CVE-2025-55591 was published Aug 18, 2025

An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to...
Critical | Unreviewed | CVE-2025-26063 was published Jul 31, 2025

ProTip! Advisories are also available from the GraphQL API.