GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 74
  GitHub Actions: 54
  Go: 4,134
  Maven: 5,000+
  npm: 5,000+
  NuGet: 1,013
  pip: 5,000+
  Pub: 13
  RubyGems: 1,095
  Rust: 1,419
  Swift: 61
Unreviewed advisories
  All unreviewed: 5,000+
3,653 advisories
Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge
  Critical. CVE-2026-52806 was published for gogs.io/gogs (Go), Jun 23, 2026
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of...
  Low, Unreviewed. CVE-2026-12815 was published Jun 22, 2026
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function...
  Low, Unreviewed. CVE-2026-12814 was published Jun 22, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
  Moderate, Unreviewed. CVE-2026-42895 was published Jun 19, 2026
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence...
  Critical, Unreviewed. CVE-2026-12045 was published Jun 19, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
  Critical, Unreviewed. CVE-2026-38717 was published Jun 18, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
  Critical, Unreviewed. CVE-2026-38716 was published Jun 18, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
  Critical, Unreviewed. CVE-2026-38715 was published Jun 18, 2026
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
  Critical, Unreviewed. CVE-2026-38714 was published Jun 18, 2026
PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters
  High. GHSA-c969-5x3p-vq3v was published for praisonaiagents (pip), Jun 18, 2026
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution...
  High, Unreviewed. CVE-2024-24909 was published Jun 16, 2026
A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to...
  High, Unreviewed. CVE-2025-56814 was published Jun 15, 2026
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv...
  High, Unreviewed. CVE-2026-53822 was published Jun 13, 2026
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
  High. CVE-2026-54090 was published for github.com/filebrowser/filebrowser/v2 (Go), Jun 12, 2026
Net::IMAP: Command Injection via ID command argument
  Moderate. CVE-2026-47242 was published for net-imap (RubyGems), Jun 9, 2026
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
  Moderate. CVE-2026-47240 was published for net-imap (RubyGems), Jun 9, 2026
shell-quote quote() does not escape newlines in object .op values
  Critical. CVE-2026-9277 was published for shell-quote (npm), Jun 9, 2026
Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command...
  High, Unreviewed. CVE-2026-11572 was published Jun 9, 2026
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function...
  High, Unreviewed. CVE-2026-11556 was published Jun 8, 2026
A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some...
  Low, Unreviewed. CVE-2026-11408 was published Jun 6, 2026
A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function...
  Low, Unreviewed. CVE-2026-11341 was published Jun 5, 2026
Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
  Critical. CVE-2026-47670 was published for dbgate-api (npm), Jun 5, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
  High, Unreviewed. CVE-2026-45497 was published Jun 5, 2026
Improper neutralization of special elements used in a command ('command injection') in M365...
  Moderate, Unreviewed. CVE-2026-42824 was published Jun 5, 2026
A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path...
  High, Unreviewed. CVE-2026-10873 was published Jun 5, 2026
ProTip! Advisories are also available from the GraphQL API.