GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
1,145 advisories
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Critical
CVE-2026-41265
was published
for
flowise
(npm)
Apr 18, 2026
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Critical
CVE-2026-41497
was published
for
praisonai
(pip)
Apr 17, 2026
electerm: electerm_install_script_CommandInjection Vulnerability Report
Critical
CVE-2026-41500
was published
for
electerm
(npm)
Apr 16, 2026
Emissary has GitHub Actions Shell Injection via Workflow Inputs
Critical
CVE-2026-35580
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
MLflow Command Injection vulnerability
Critical
CVE-2025-15379
was published
for
mlflow
(pip)
Mar 30, 2026
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
Critical
CVE-2026-34243
was published
for
njzjz/wenxian
(GitHub Actions)
Mar 29, 2026
@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Critical
CVE-2026-31862
was published
for
@siteboon/claudecodeui
(npm)
Mar 11, 2026
zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards
Critical
GHSA-5wp8-q9mx-8jx8
was published
for
zeptoclaw
(Rust)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API