GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection
Severity: High
CVE-2026-49987 was published for repomix (npm) Jul 1, 2026
Credited to kakashi-kx
exiftool-vendored vulnerable to argument injection via newline characters in tag names
Severity: High
CVE-2026-43893 was published for exiftool-vendored (npm) May 5, 2026
Credited to Dobby153
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
Severity: High
CVE-2026-43943 was published for electerm (npm) May 8, 2026
Credited to osageling
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
Severity: High
CVE-2026-39884 was published for mcp-server-kubernetes (npm) Apr 14, 2026
Credited to TharVid
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
Severity: High
GHSA-p4h8-56qp-hpgv was published for @aiondadotcom/mcp-ssh (npm) Apr 14, 2026
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
Severity: High
CVE-2026-22168 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
Severity: High
CVE-2026-28470 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
Command injection in git-clone
Severity: High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
Credited to lirantal
Command injection in simple-git
Severity: High
CVE-2022-24066 was published for simple-git (npm) Apr 2, 2022
Credited to lirantal and rhelinko-telia
Null characters not escaped
Severity: High
CVE-2021-21384 was published for shescape (npm) Mar 18, 2021
OS Command Injection in git-promise
Severity: High
CVE-2022-24376 was published for git-promise (npm) Jun 11, 2022
Credited to lirantal
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
Severity: High
CVE-2022-25973 was published for mc-kill-port (npm) Aug 11, 2022
ProTip! Advisories are also available from the GraphQL API