GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
211 advisories
electerm has Command Injection via runLinux funtion
Critical
CVE-2026-41501
was published
for
electerm
(npm)
Apr 24, 2026
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical
GHSA-wpqr-6v78-jr5g
was published
for
@google/gemini-cli
(GitHub Actions)
Apr 24, 2026
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Critical
CVE-2026-41265
was published
for
flowise
(npm)
Apr 18, 2026
electerm: electerm_install_script_CommandInjection Vulnerability Report
Critical
CVE-2026-41500
was published
for
electerm
(npm)
Apr 16, 2026
OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface
High
CVE-2026-35643
was published
for
openclaw
(npm)
Mar 26, 2026
@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Critical
CVE-2026-31862
was published
for
@siteboon/claudecodeui
(npm)
Mar 11, 2026
@budibase/server: Command Injection in PostgreSQL Dump Command
High
CVE-2026-25041
was published
for
@budibase/server
(npm)
Mar 9, 2026
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
High
CVE-2026-32063
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Unsanitized CWD path injection into LLM prompts
High
CVE-2026-27001
was published
for
openclaw
(npm)
Feb 18, 2026
BrowserStack Local vulnerable to Command Injection through logfile variable
Moderate
CVE-2025-57283
was published
for
browserstack-local
(npm)
Jan 28, 2026
Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
Critical
GHSA-cr3w-cw5w-h3fj
was published
for
@saltcorn/server
(npm)
Jan 26, 2026
Orval Mock Generation Code Injection via const
High
CVE-2026-24132
was published
for
@orval/mock
(npm)
Jan 22, 2026
Orval has a code injection via unsanitized x-enum-descriptions in enum generation
Critical
CVE-2026-23947
was published
for
@orval/core
(npm)
Jan 21, 2026
Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
Moderate
GHSA-3f44-xw83-3pmg
was published
for
renovate
(npm)
Jan 13, 2026
ProTip!
Advisories are also available from the
GraphQL API