GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,127 advisories
electerm has Command Injection via runLinux funtion
Critical
CVE-2026-41501
was published
for
electerm
(npm)
Apr 24, 2026
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical
GHSA-wpqr-6v78-jr5g
was published
for
@google/gemini-cli
(GitHub Actions)
Apr 24, 2026
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Critical
CVE-2026-41265
was published
for
flowise
(npm)
Apr 18, 2026
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Critical
CVE-2026-41497
was published
for
praisonai
(pip)
Apr 17, 2026
electerm: electerm_install_script_CommandInjection Vulnerability Report
Critical
CVE-2026-41500
was published
for
electerm
(npm)
Apr 16, 2026
Emissary has GitHub Actions Shell Injection via Workflow Inputs
Critical
CVE-2026-35580
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
MLflow Command Injection vulnerability
Critical
CVE-2025-15379
was published
for
mlflow
(pip)
Mar 30, 2026
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
Critical
CVE-2026-34243
was published
for
njzjz/wenxian
(GitHub Actions)
Mar 29, 2026
ProTip!
Advisories are also available from the
GraphQL API