GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,127 advisories
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a...
Moderate | Unreviewed | CVE-2025-37176 was published Jan 13, 2026

Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
Moderate | GHSA-3f44-xw83-3pmg was published for renovate (npm) Jan 13, 2026

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file
Moderate | GHSA-xjr7-3c3g-m763 was published for renovate (npm) Jan 13, 2026

Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies
Moderate | GHSA-36j9-mx87-2cff was published for renovate (npm) Jan 13, 2026

Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration
Moderate | GHSA-fr4j-65pv-gjjj was published for renovate (npm) Jan 13, 2026

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Moderate | GHSA-xv56-3wq5-9997 was published for renovate (npm) Jan 13, 2026

orval MCP client is vulnerable to a code injection attack.
Critical | CVE-2026-22785 was published for @orval/mcp (npm) Jan 13, 2026

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2026-22755 was published Jan 13, 2026

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8...
Moderate | Unreviewed | CVE-2025-15502 was published Jan 10, 2026

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8...
High | Unreviewed | CVE-2025-15501 was published Jan 10, 2026

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8....
High | Unreviewed | CVE-2025-15500 was published Jan 10, 2026

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8...
High | Unreviewed | CVE-2025-15499 was published Jan 10, 2026

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute...
Moderate | Unreviewed | CVE-2025-66715 was published Jan 9, 2026

WeKnora has Command Injection in MCP stdio test
Critical | CVE-2026-22688 was published for github.com/Tencent/WeKnora (Go) Jan 9, 2026

EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName...
Critical | Unreviewed | CVE-2025-70161 was published Jan 9, 2026

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link...
Critical | Unreviewed | CVE-2025-69542 was published Jan 9, 2026

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary...
Critical | Unreviewed | CVE-2025-64093 was published Jan 9, 2026

This vulnerability allows authenticated attackers to execute commands via the hostname of the...
Critical | Unreviewed | CVE-2025-64090 was published Jan 9, 2026

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the...
Moderate | Unreviewed | CVE-2026-0732 was published Jan 9, 2026

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the...
High | Unreviewed | CVE-2026-21638 was published Jan 8, 2026

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the...
Moderate | Unreviewed | CVE-2026-21639 was published Jan 8, 2026

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The...
High | Unreviewed | CVE-2025-67089 was published Jan 8, 2026

This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as...
High | Unreviewed | CVE-2025-55125 was published Jan 8, 2026

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10...
Critical | Unreviewed | CVE-2025-56425 was published Jan 8, 2026

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the...
Critical | Unreviewed | CVE-2025-59470 was published Jan 8, 2026