Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

328 advisories

Loading
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration Moderate
CVE-2026-47250 was published for mcp-server-kubernetes (npm) Jun 5, 2026
yotampe-pluto Credited to yotampe-pluto
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency... High Unreviewed
CVE-2026-11332 was published Jun 5, 2026
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release... High Unreviewed
CVE-2026-41013 was published Jun 1, 2026
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection... High Unreviewed
CVE-2026-49373 was published May 29, 2026
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address Moderate
CVE-2026-45068 was published for symfony/mailer (Composer) May 27, 2026
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations Moderate
CVE-2026-44210 was published for github.com/kata-containers/kata-containers (Go) May 26, 2026
K-Rintaro Credited to K-Rintaro and fidencio fidencio fidencio
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect... High Unreviewed
CVE-2026-3515 was published May 26, 2026
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote... High Unreviewed
CVE-2026-47114 was published May 21, 2026
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` Moderate
GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) May 19, 2026
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters Moderate
CVE-2026-44968 was published for dbt-mcp (pip) May 14, 2026
hewei-gikaku Credited to hewei-gikaku
n8n Has an Arbitrary File Read via Git Node Critical
CVE-2026-44790 was published for n8n (npm) May 14, 2026
simonkoeck Credited to simonkoeck
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection... Critical Unreviewed
CVE-2026-31230 was published May 12, 2026
An improper neutralization of argument delimiters in a command ('argument injection')... Moderate Unreviewed
CVE-2026-25690 was published May 12, 2026
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM... Moderate Unreviewed
CVE-2025-40948 was published May 12, 2026
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via... Moderate Unreviewed
CVE-2026-45181 was published May 10, 2026
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor High
CVE-2026-43943 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click High
CVE-2026-43941 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request High
CVE-2026-42266 was published for jupyterlab (pip) May 5, 2026
pmcao Credited to pmcao, Yann-P, and krassowski Yann-P Yann-P
krassowski krassowski
exiftool-vendored vulnerable to argument injection via newline characters in tag names High
CVE-2026-43893 was published for exiftool-vendored (npm) May 5, 2026
Dobby153 Credited to Dobby153
A hidden console command is vulnerable to command injection flaw when control characters are... High Unreviewed
CVE-2026-7865 was published May 5, 2026
ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView Critical
CVE-2026-42601 was published for archivebox (pip) May 4, 2026
q1uf3ng Credited to q1uf3ng
Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix) Critical
CVE-2026-40281 was published for github.com/gotenberg/gotenberg/v8 (Go) Apr 30, 2026
morimori-dev Credited to morimori-dev
GitPython: Unsafe option check validates multi_options before shlex.split transformation High
CVE-2026-42284 was published for GitPython (pip) Apr 25, 2026
Texuguinho1234 Credited to Texuguinho1234
PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes High
GHSA-mh6w-vxff-9wqp was published for phpunit/phpunit (Composer) Apr 22, 2026
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE High
CVE-2026-40938 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
offset Credited to offset, vdemeester, kodareef5, and waveywaves vdemeester vdemeester
kodareef5 kodareef5 waveywaves waveywaves
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database