GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
965 advisories
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence...
Critical | Unreviewed | CVE-2026-12045 was published Jun 19, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical | Unreviewed | CVE-2026-38717 was published Jun 18, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical | Unreviewed | CVE-2026-38715 was published Jun 18, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical | Unreviewed | CVE-2026-38714 was published Jun 18, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical | Unreviewed | CVE-2026-38716 was published Jun 18, 2026
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows...
Critical | Unreviewed | CVE-2026-8037 was published Jun 4, 2026
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on...
Critical | Unreviewed | CVE-2026-49199 was published May 29, 2026
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302...
Critical | Unreviewed | CVE-2026-38704 was published May 28, 2026
A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302...
Critical | Unreviewed | CVE-2026-38703 was published May 28, 2026
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302...
Critical | Unreviewed | CVE-2026-38707 was published May 28, 2026
A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302...
Critical | Unreviewed | CVE-2026-38702 was published May 28, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Critical | Unreviewed | CVE-2026-41090 was published May 26, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Critical | Unreviewed | CVE-2026-23652 was published May 26, 2026
An administrative user with access to configure webhooks can execute arbitrary commands by...
Critical | Unreviewed | CVE-2026-8431 was published May 12, 2026
Improper neutralization of special elements used in a command ('command injection') in Azure...
Critical | Unreviewed | CVE-2026-35428 was published May 8, 2026
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and...
Critical | Unreviewed | CVE-2026-36841 was published Apr 29, 2026
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is...
Critical | Unreviewed | CVE-2026-31255 was published Apr 27, 2026
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl...
Critical | Unreviewed | CVE-2026-30352 was published Apr 27, 2026
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Critical | Unreviewed | CVE-2026-31175 was published Apr 23, 2026
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2026-38835 was published Apr 21, 2026
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote...
Critical | Unreviewed | CVE-2026-20186 was published Apr 15, 2026
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to...
Critical | Unreviewed | CVE-2026-20147 was published Apr 15, 2026
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Critical | Unreviewed | CVE-2026-31170 was published Apr 9, 2026
A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive...
Critical | Unreviewed | CVE-2026-31059 was published Apr 6, 2026
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3...
Critical | Unreviewed | CVE-2024-43028 was published Apr 1, 2026
ProTip! Advisories are also available from the GraphQL API.