
GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.

68 advisories

launch-editor vulnerable to command injection via a crafted request on Windows High
CVE-2024-52011 was published for launch-editor (npm) Jun 3, 2026
Credited to Ry0taK
ngrok is Vulnerable to Command Injection High
CVE-2025-57282 was published for ngrok (npm) May 18, 2026
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution High
CVE-2026-40068 was published for @anthropic-ai/claude-code (npm) Apr 24, 2026
Paperclip: Malicious skills able to exfiltrate and destroy all user data High
GHSA-w8hx-hqjv-vjcq was published for @paperclipai/server (npm) Apr 16, 2026
OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface High
CVE-2026-35643 was published for openclaw (npm) Mar 26, 2026
Credited to cyjhhh and tdjackey
@budibase/server: Command Injection in PostgreSQL Dump Command High
CVE-2026-25041 was published for @budibase/server (npm) Mar 9, 2026
Credited to omkarparth
Orval Mock Generation Code Injection via const High
CVE-2026-24132 was published for @orval/mock (npm) Jan 22, 2026
Credited to k14uz
OpenClaw: Unsanitized CWD path injection into LLM prompts High
CVE-2026-27001 was published for openclaw (npm) Feb 18, 2026
Credited to aether-ai-agent
Duplicate Advisory: Command Injection in fs-git High
CVE-2017-16087 was published for fs-git (npm) May 29, 2019 (withdrawn)
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Credited to ljharb
serverless MCP Server vulnerable to Command Injection in list-projects tool High
CVE-2025-69256 was published for serverless (npm) Dec 31, 2025
Credited to dellalibera
Command Injection in strapi High
CVE-2019-19609 was published for strapi (npm) Sep 4, 2020
Claude Code Command Validation Bypass Allows Arbitrary Code Execution High
CVE-2025-66032 was published for @anthropic-ai/claude-code (npm) Dec 3, 2025
Credited to Ry0taK
`git-commiters` Command Injection vulnerability High
CVE-2025-59831 was published for git-commiters (npm) Sep 22, 2025
Credited to lirantal
figma-developer-mcp vulnerable to command injection in get_figma_data tool High
CVE-2025-53967 was published for figma-developer-mcp (npm) Sep 30, 2025
Credited to dellalibera
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
Credited to 0xRoyR
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
Credited to mitchell-codecov, nitaiapiiro, ebickle, and G-Rath
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
Credited to dellalibera
@translated/lara-mcp vulnerable to command injection in import_tmx tool High
CVE-2025-53832 was published for @translated/lara-mcp (npm) Jul 21, 2025
Credited to dellalibera
MCP Server Kubernetes vulnerable to command injection in several tools High
CVE-2025-53355 was published for mcp-server-kubernetes (npm) Jul 8, 2025
Credited to dellalibera
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection High
CVE-2025-53372 was published for node-code-sandbox-mcp (npm) Jul 8, 2025
Credited to dellalibera
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
Credited to dellalibera and cyanheads
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
CVE-2024-34347 was published for @hoppscotch/cli (npm) Apr 22, 2024
Credited to oskar-zeinomahmalat-sonarsource and mufeedvh