GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,671 advisories
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical
Unreviewed
CVE-2026-5058
was published
Apr 11, 2026
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This...
High
Unreviewed
CVE-2026-4157
was published
Apr 11, 2026
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2026-5059
was published
Apr 11, 2026
PraisonAI has critical RCE via `type: job` workflow YAML
Critical
GHSA-vc46-vw85-3wvm
was published
for
PraisonAI
(pip)
Apr 10, 2026
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
Critical
CVE-2026-40111
was published
for
praisonaiagents
(pip)
Apr 10, 2026
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and...
High
Unreviewed
CVE-2026-33791
was published
Apr 10, 2026
OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)
Low
GHSA-cm8v-2vh9-cxf3
was published
for
openclaw
(npm)
Apr 9, 2026
OpenClaw Host-Exec Environment Variable Injection
Moderate
GHSA-w9j9-w4cp-6wgr
was published
for
openclaw
(npm)
Apr 9, 2026
OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class)
High
GHSA-7437-7hg8-frrw
was published
for
openclaw
(npm)
Apr 9, 2026
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK...
High
Unreviewed
CVE-2026-40029
was published
Apr 9, 2026
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability...
High
Unreviewed
CVE-2026-40032
was published
Apr 9, 2026
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path...
High
Unreviewed
CVE-2026-40030
was published
Apr 9, 2026
PraisonAI Vulnerable to OS Command Injection
Critical
CVE-2026-40088
was published
for
PraisonAI
(pip)
Apr 8, 2026
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an...
High
Unreviewed
CVE-2026-30818
was published
Apr 8, 2026
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an...
High
Unreviewed
CVE-2026-30815
was published
Apr 8, 2026
Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
High
CVE-2026-27806
was published
for
github.com/fleetdm/fleet/v4
(Go)
Apr 8, 2026
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers...
High
Unreviewed
CVE-2026-5208
was published
Apr 8, 2026
Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
High
CVE-2026-35581
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
skilleton has improper input handling in repository/path processing
Moderate
GHSA-5g3j-89fr-r2vp
was published
for
skilleton
(npm)
Apr 8, 2026
File Browser has a Command Injection via Hook Runner
High
CVE-2026-35585
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Apr 8, 2026
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web...
Critical
Unreviewed
CVE-2026-4631
was published
Apr 7, 2026
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper...
High
Unreviewed
CVE-2025-24817
was published
Apr 7, 2026
Tianxin Internet Behavior Management System contains a command injection vulnerability in the...
Critical
Unreviewed
CVE-2021-4473
was published
Apr 7, 2026
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version...
High
Unreviewed
CVE-2026-5709
was published
Apr 7, 2026
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research...
High
Unreviewed
CVE-2026-5707
was published
Apr 7, 2026