GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,221 advisories
Command Injection in adb-mcp MCP Server
Critical | CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR...
Critical | Unreviewed | CVE-2018-25115 was published Aug 28, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical | Unreviewed | CVE-2025-52906 was published Sep 24, 2025

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection...
Critical | Unreviewed | CVE-2025-34184 was published Sep 16, 2025

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication...
Critical | Unreviewed | CVE-2025-34186 was published Sep 16, 2025

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the...
Critical | Unreviewed | CVE-2011-10026 was published Aug 20, 2025

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev...
Critical | Unreviewed | CVE-2013-10069 was published Aug 5, 2025

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300...
Critical | Unreviewed | CVE-2013-10048 was published Aug 1, 2025

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the...
Critical | Unreviewed | CVE-2013-10060 was published Aug 1, 2025

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13...
Critical | Unreviewed | CVE-2025-34029 was published Jun 20, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical | Unreviewed | CVE-2025-9588 was published Sep 23, 2025

CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote...
Critical | Unreviewed | CVE-2025-48703 was published Sep 22, 2025

FitNesse allows execution of arbitrary OS commands
Critical | CVE-2024-28125 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution...
Critical | Unreviewed | CVE-2025-34161 was published Aug 27, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python...
Critical | Unreviewed | CVE-2025-23316 was published Sep 18, 2025

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection...
Critical | Unreviewed | CVE-2025-9972 was published Sep 17, 2025

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file...
Critical | Unreviewed | CVE-2025-34187 was published Sep 16, 2025

System command injection through Netflow function due to improper input validation, allowing...
Critical | Unreviewed | CVE-2024-35304 was published Jun 10, 2024

Chaos Controller Manager is vulnerable to OS command injection
Critical | CVE-2025-59360 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025

Chaos Controller Manager is vulnerable to OS command injection
Critical | CVE-2025-59359 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025

Chaos Controller Manager is vulnerable to OS command injection
Critical | CVE-2025-59361 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
Critical | Unreviewed | CVE-2022-2068 was published Jun 22, 2022

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical | CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2025-10265 was published Sep 12, 2025

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Critical | CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025