Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

166 advisories

Loading
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency... High Unreviewed
CVE-2026-11332 was published Jun 5, 2026
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release... High Unreviewed
CVE-2026-41013 was published Jun 1, 2026
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection... High Unreviewed
CVE-2026-49373 was published May 29, 2026
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect... High Unreviewed
CVE-2026-3515 was published May 26, 2026
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote... High Unreviewed
CVE-2026-47114 was published May 21, 2026
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor High
CVE-2026-43943 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click High
CVE-2026-43941 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request High
CVE-2026-42266 was published for jupyterlab (pip) May 5, 2026
pmcao Credited to pmcao, Yann-P, and krassowski Yann-P Yann-P
krassowski krassowski
exiftool-vendored vulnerable to argument injection via newline characters in tag names High
CVE-2026-43893 was published for exiftool-vendored (npm) May 5, 2026
Dobby153 Credited to Dobby153
A hidden console command is vulnerable to command injection flaw when control characters are... High Unreviewed
CVE-2026-7865 was published May 5, 2026
GitPython: Unsafe option check validates multi_options before shlex.split transformation High
CVE-2026-42284 was published for GitPython (pip) Apr 25, 2026
Texuguinho1234 Credited to Texuguinho1234
PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes High
GHSA-mh6w-vxff-9wqp was published for phpunit/phpunit (Composer) Apr 22, 2026
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE High
CVE-2026-40938 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
offset Credited to offset, vdemeester, kodareef5, and waveywaves vdemeester vdemeester
kodareef5 kodareef5 waveywaves waveywaves
PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes High
CVE-2026-41570 was published for phpunit/phpunit (Composer) Apr 18, 2026
kayw-geek Credited to kayw-geek, sebastianbergmann, and sanmai sebastianbergmann sebastianbergmann
sanmai sanmai
During an internal security assessment, a potential vulnerability was discovered in Lenovo... High Unreviewed
CVE-2026-4145 was published Apr 15, 2026
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting High
CVE-2026-39884 was published for mcp-server-kubernetes (npm) Apr 14, 2026
TharVid Credited to TharVid
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh High
GHSA-p4h8-56qp-hpgv was published for @aiondadotcom/mcp-ssh (npm) Apr 14, 2026
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars High
CVE-2026-40113 was published for PraisonAI (pip) Apr 10, 2026
aswinastro Credited to aswinastro and g0w6y g0w6y g0w6y
File Browser has a Command Injection via Hook Runner High
CVE-2026-35585 was published for github.com/filebrowser/filebrowser/v2 (Go) Apr 8, 2026
Saku0512 Credited to Saku0512
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference High
CVE-2026-34769 was published for electron (npm) Apr 3, 2026
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to... High Unreviewed
CVE-2026-0634 was published Apr 2, 2026
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF... High Unreviewed
CVE-2026-29954 was published Mar 30, 2026
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can... High Unreviewed
CVE-2025-41761 was published Mar 9, 2026
Gogs: Release tag option injection in release deletion High
CVE-2026-26194 was published for gogs.io/gogs (Go) Mar 5, 2026
rezmoss Credited to rezmoss
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute... High Unreviewed
CVE-2026-26514 was published Mar 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database