GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,112
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,417
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

1,145 advisories

Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge
Critical. CVE-2026-52806 was published for gogs.io/gogs (Go), Jun 23, 2026

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence...
Critical, Unreviewed. CVE-2026-12045 was published Jun 19, 2026

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical, Unreviewed. CVE-2026-38717 was published Jun 18, 2026

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical, Unreviewed. CVE-2026-38716 was published Jun 18, 2026

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical, Unreviewed. CVE-2026-38715 was published Jun 18, 2026

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were...
Critical, Unreviewed. CVE-2026-38714 was published Jun 18, 2026

shell-quote quote() does not escape newlines in object .op values
Critical. CVE-2026-9277 was published for shell-quote (npm), Jun 9, 2026

Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Critical. CVE-2026-47670 was published for dbgate-api (npm), Jun 5, 2026

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
Critical. CVE-2026-47708 was published for stata-mcp (pip), Jun 4, 2026

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows...
Critical, Unreviewed. CVE-2026-8037 was published Jun 4, 2026

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on...
Critical, Unreviewed. CVE-2026-49199 was published May 29, 2026

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302...
Critical, Unreviewed. CVE-2026-38702 was published May 28, 2026

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302...
Critical, Unreviewed. CVE-2026-38704 was published May 28, 2026

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302...
Critical, Unreviewed. CVE-2026-38703 was published May 28, 2026

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302...
Critical, Unreviewed. CVE-2026-38707 was published May 28, 2026

Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Critical, Unreviewed. CVE-2026-41090 was published May 26, 2026

Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Critical, Unreviewed. CVE-2026-23652 was published May 26, 2026

An administrative user with access to configure webhooks can execute arbitrary commands by...
Critical, Unreviewed. CVE-2026-8431 was published May 12, 2026

Improper neutralization of special elements used in a command ('command injection') in Azure...
Critical, Unreviewed. CVE-2026-35428 was published May 8, 2026

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and...
Critical, Unreviewed. CVE-2026-36841 was published Apr 29, 2026

A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is...
Critical, Unreviewed. CVE-2026-31255 was published Apr 27, 2026

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl...
Critical, Unreviewed. CVE-2026-30352 was published Apr 27, 2026

electerm has Command Injection via runLinux function
Critical. CVE-2026-41501 was published for electerm (npm), Apr 24, 2026

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical. GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions), Apr 24, 2026

ToToLink A3300R firmware v17.0.0cu.557_B20221024: An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Critical, Unreviewed. CVE-2026-31175 was published Apr 23, 2026

ProTip! Advisories are also available from the GraphQL API.