GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
launch-editor vulnerable to command injection via the crafted request on Windows
High
CVE-2024-52011
was published
for
launch-editor
(npm)
Jun 3, 2026
ngrok is Vulnerable to Command Injection
High
CVE-2025-57282
was published
for
ngrok
(npm)
May 18, 2026
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
High
CVE-2026-40068
was published
for
@anthropic-ai/claude-code
(npm)
Apr 24, 2026
Paperclip: Malicious skills able to exfiltrate and destroy all user data
High
GHSA-w8hx-hqjv-vjcq
was published
for
@paperclipai/server
(npm)
Apr 16, 2026
OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface
High
CVE-2026-35643
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
High
CVE-2026-32063
was published
for
openclaw
(npm)
Mar 3, 2026
@budibase/server: Command Injection in PostgreSQL Dump Command
High
CVE-2026-25041
was published
for
@budibase/server
(npm)
Mar 9, 2026
Orval Mock Generation Code Injection via const
High
CVE-2026-24132
was published
for
@orval/mock
(npm)
Jan 22, 2026
OpenClaw: Unsanitized CWD path injection into LLM prompts
High
CVE-2026-27001
was published
for
openclaw
(npm)
Feb 18, 2026
Duplicate Advisory: Command Injection in fs-git
High
CVE-2017-16087
was published
for
fs-git
(npm)
May 29, 2019
•
withdrawn
Command injection in node-dns-sync
High
CVE-2020-11079
was published
for
dns-sync
(npm)
May 28, 2020
serverless MCP Server vulnerable to Command Injection in list-projects tool
High
CVE-2025-69256
was published
for
serverless
(npm)
Dec 31, 2025
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
High
CVE-2025-66032
was published
for
@anthropic-ai/claude-code
(npm)
Dec 3, 2025
`git-comiters` Command Injection vulnerability
High
CVE-2025-59831
was published
for
git-commiters
(npm)
Sep 22, 2025
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages
High
CVE-2025-34267
was published
for
flowise
(npm)
Oct 14, 2025
figma-developer-mcp vulnerable to command injection in get_figma_data tool
High
CVE-2025-53967
was published
for
figma-developer-mcp
(npm)
Sep 30, 2025
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High
CVE-2025-58358
was published
for
mcp-markdownify-server
(npm)
Sep 2, 2025
mcp-package-docs vulnerable to command injection in several tools
High
CVE-2025-54073
was published
for
mcp-package-docs
(npm)
Aug 5, 2025
@translated/lara-mcp vulnerable to command injection in import_tmx tool
High
CVE-2025-53832
was published
for
@translated/lara-mcp
(npm)
Jul 21, 2025
MCP Server Kubernetes vulnerable to command injection in several tools
High
CVE-2025-53355
was published
for
mcp-server-kubernetes
(npm)
Jul 8, 2025
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection
High
CVE-2025-53372
was published
for
node-code-sandbox-mcp
(npm)
Jul 8, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools
High
CVE-2025-53107
was published
for
@cyanheads/git-mcp-server
(npm)
Jun 30, 2025
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
CVE-2024-34347
was published
for
@hoppscotch/cli
(npm)
Apr 22, 2024
ProTip!
Advisories are also available from the
GraphQL API