GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection
High
CVE-2026-49987
was published
for
repomix
(npm)
Jul 1, 2026
exiftool-vendored vulnerable to argument injection via newline characters in tag names
High
CVE-2026-43893
was published
for
exiftool-vendored
(npm)
May 5, 2026
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
High
CVE-2026-43943
was published
for
electerm
(npm)
May 8, 2026
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
High
CVE-2026-43941
was published
for
electerm
(npm)
May 8, 2026
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
High
CVE-2026-39884
was published
for
mcp-server-kubernetes
(npm)
Apr 14, 2026
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
High
GHSA-p4h8-56qp-hpgv
was published
for
@aiondadotcom/mcp-ssh
(npm)
Apr 14, 2026
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
High
CVE-2026-34769
was published
for
electron
(npm)
Apr 3, 2026
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
High
CVE-2026-22168
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
High
CVE-2026-28470
was published
for
openclaw
(npm)
Feb 17, 2026
Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand
High
CVE-2025-12613
was published
for
cloudinary
(npm)
Nov 10, 2025
OS Command Injection in git-promise
High
CVE-2022-24376
was published
for
git-promise
(npm)
Jun 11, 2022
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
High
CVE-2022-25973
was published
for
mc-kill-port
(npm)
Aug 11, 2022
ProTip!
Advisories are also available from the
GraphQL API