GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,473 advisories
The device has a webserver that exposes a REST API authenticated with a token on the management...
Critical, Unreviewed, CVE-2026-22313 was published Jun 16, 2026
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function...
Critical, Unreviewed, CVE-2026-38063 was published Jun 15, 2026
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function...
Critical, Unreviewed, CVE-2026-38065 was published Jun 15, 2026
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function...
Critical, Unreviewed, CVE-2026-38061 was published Jun 15, 2026
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function...
Critical, Unreviewed, CVE-2026-38060 was published Jun 15, 2026
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function...
Critical, Unreviewed, CVE-2026-38062 was published Jun 15, 2026
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function...
Critical, Unreviewed, CVE-2026-38064 was published Jun 15, 2026
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in...
Critical, Unreviewed, CVE-2026-9862 was published Jun 15, 2026
Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter
Critical, CVE-2026-48030 was published for pheditor/pheditor (Composer) Jun 9, 2026
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
Critical, Unreviewed, CVE-2026-38615 was published Jun 9, 2026
An improper neutralization of special elements used in an os command ('os command injection')...
Critical, Unreviewed, CVE-2026-25089 was published Jun 9, 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1...
Critical, Unreviewed, CVE-2026-10520 was published Jun 9, 2026
shell-quote quote() does not escape newlines in object .op values
Critical, CVE-2026-9277 was published for shell-quote (npm) Jun 9, 2026
Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Critical, CVE-2026-47670 was published for dbgate-api (npm) Jun 5, 2026
The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is...
Critical, Unreviewed, CVE-2025-67447 was published Jun 4, 2026
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03...
Critical, Unreviewed, CVE-2026-35906 was published Jun 4, 2026
The system fails to evaluate instructional permissions over multiple internal operation codes ...
Critical, Unreviewed, CVE-2026-49190 was published Jun 4, 2026
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(),...
Critical, Unreviewed, CVE-2026-49185 was published Jun 4, 2026
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas...
Critical, Unreviewed, CVE-2026-36576 was published Jun 3, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical, Unreviewed, CVE-2025-41276 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical, Unreviewed, CVE-2025-41275 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical, Unreviewed, CVE-2025-41277 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical, Unreviewed, CVE-2025-41274 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical, Unreviewed, CVE-2025-41272 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical, Unreviewed, CVE-2025-41269 was published May 29, 2026