GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,630
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,850
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
4,738 advisories
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had...
High | Unreviewed | CVE-2026-42994 was published May 1, 2026

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command...
High | Unreviewed | CVE-2026-7551 was published May 1, 2026

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume...
High | Unreviewed | CVE-2026-7461 was published Apr 30, 2026

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the...
Critical | Unreviewed | CVE-2025-71284 was published Apr 30, 2026

Improper neutralization of special elements used in an OS command ('OS command injection')...
High | Unreviewed | CVE-2026-6849 was published Apr 29, 2026

A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element...
Low | Unreviewed | CVE-2025-9745 was published Apr 29, 2026

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed...
High | Unreviewed | CVE-2024-54012 was published Apr 28, 2026

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP...
High | Unreviewed | CVE-2026-1460 was published Apr 28, 2026

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel...
Moderate | Unreviewed | CVE-2026-0711 was published Apr 28, 2026

A command injection vulnerability exists in the web server of specific firmware versions of...
High | Unreviewed | CVE-2026-32649 was published Apr 28, 2026

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may...
High | Unreviewed | CVE-2026-33277 was published Apr 27, 2026

GitPython has Command Injection via Git options bypass
High | GHSA-rpm5-65cw-6hj4 was published for GitPython (pip) Apr 25, 2026

LiteLLM: Authenticated command execution via MCP stdio test endpoints
High | GHSA-v4p8-mg3p-g94g was published for litellm (pip) Apr 25, 2026

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical | GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions) Apr 24, 2026

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
High | CVE-2026-41900 was published for openlearnx (npm) Apr 23, 2026

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows...
Critical | Unreviewed | CVE-2026-6942 was published Apr 23, 2026

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Critical | Unreviewed | CVE-2026-31177 was published Apr 23, 2026

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Critical | Unreviewed | CVE-2026-31178 was published Apr 23, 2026

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Critical | Unreviewed | CVE-2026-31181 was published Apr 23, 2026

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could...
High | Unreviewed | CVE-2026-5935 was published Apr 23, 2026

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars...
High | Unreviewed | CVE-2026-40517 was published Apr 23, 2026

Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
Critical | GHSA-j5w5-568x-rq53 was published for @evomap/evolver (npm) Apr 22, 2026

Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Moderate | CVE-2026-24905 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Apr 22, 2026

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Critical | CVE-2026-41179 was published for github.com/rclone/rclone (Go) Apr 22, 2026

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise...
High | Unreviewed | CVE-2026-4821 was published Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API.