GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
1,406 advisories
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability...
Critical | Unreviewed | CVE-2026-6644 was published Apr 20, 2026
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
Critical | GHSA-9qhq-v63v-fv3j was published for praisonai (pip) Apr 17, 2026
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Critical | CVE-2026-23500 was published for dolibarr/dolibarr (Composer) Apr 17, 2026
Paperclip: OS Command Injection via Execution Workspace cleanupCommand
Critical | GHSA-vr7g-88fq-vhq3 was published for @paperclipai/server (npm) Apr 16, 2026
Flowise: Authenticated RCE Via MCP Adapters
Critical | CVE-2026-40933 was published for flowise (npm) Apr 16, 2026
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2026-6349 was published Apr 16, 2026
An improper neutralization of special elements used in an os command ('os command injection')...
Critical | Unreviewed | CVE-2026-39808 was published Apr 14, 2026
aws-mcp has a Command Injection Remote Code Execution Vulnerability
Critical | CVE-2026-5059 was published for aws-mcp (pip) Apr 11, 2026
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical | Unreviewed | CVE-2026-5058 was published Apr 11, 2026
PraisonAI has critical RCE via `type: job` workflow YAML
Critical | CVE-2026-40288 was published for PraisonAI (pip) Apr 10, 2026
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
Critical | CVE-2026-40111 was published for praisonaiagents (pip) Apr 10, 2026
PraisonAI Vulnerable to OS Command Injection
Critical | CVE-2026-40088 was published for PraisonAI (pip) Apr 8, 2026
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web...
Critical | Unreviewed | CVE-2026-4631 was published Apr 7, 2026
Tianxin Internet Behavior Management System contains a command injection vulnerability in the...
Critical | Unreviewed | CVE-2021-4473 was published Apr 7, 2026
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in...
Critical | Unreviewed | CVE-2026-35022 was published Apr 6, 2026
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step
Critical | CVE-2026-35216 was published for @budibase/server (npm) Apr 4, 2026
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation...
Critical | Unreviewed | CVE-2017-20236 was published Apr 4, 2026
Authenticated user can upload a malicious file to the server and execute it, which leads to...
Critical | Unreviewed | CVE-2026-2701 was published Apr 2, 2026
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Critical | CVE-2026-34935 was published for praisonai (pip) Apr 1, 2026
baserCMS has OS command injection vulnerability in installer
Critical | CVE-2026-30880 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS Update Functionality Vulnerable to OS Command Injection
Critical | CVE-2026-30877 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
Critical | CVE-2026-21861 was published for baserproject/basercms (Composer) Mar 31, 2026
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability...
Critical | Unreviewed | CVE-2026-30312 was published Mar 31, 2026
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability...
Critical | Unreviewed | CVE-2026-30314 was published Mar 31, 2026
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability...
Critical | Unreviewed | CVE-2026-30311 was published Mar 31, 2026
ProTip! Advisories are also available from the GraphQL API