GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 74; GitHub Actions 54; Go 4,134; Maven 5,000+; npm 5,000+; NuGet 1,013; pip 5,000+; Pub 13; RubyGems 1,095; Rust 1,419; Swift 61
Unreviewed advisories: All unreviewed 5,000+
4,966 advisories
Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote...
Critical | Unreviewed | CVE-2025-71336 was published on Jun 26, 2026
ImageMagick: Policy Bypass can read disallowed files via symlink
Moderate | CVE-2026-49219 was published for Magick.NET-Q16-AnyCPU (NuGet) on Jun 25, 2026
CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2026-9717 was published on Jun 25, 2026
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper...
High | Unreviewed | CVE-2026-46735 was published on Jun 25, 2026
OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on...
High | Unreviewed | CVE-2026-8660 was published on Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows...
Moderate | Unreviewed | CVE-2026-8658 was published on Jun 25, 2026
OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute...
High | Unreviewed | CVE-2026-8666 was published on Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows...
Moderate | Unreviewed | CVE-2026-8664 was published on Jun 25, 2026
OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on...
High | Unreviewed | CVE-2026-8665 was published on Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows...
High | Unreviewed | CVE-2026-9155 was published on Jun 25, 2026
OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK...
High | Unreviewed | CVE-2026-8592 was published on Jun 25, 2026
Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2026-9787 was published on Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows...
Moderate | Unreviewed | CVE-2026-8663 was published on Jun 25, 2026
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2026-9772 was published on Jun 25, 2026
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2026-9773 was published on Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows...
Moderate | Unreviewed | CVE-2026-8659 was published on Jun 25, 2026
Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory...
Moderate | Unreviewed | CVE-2026-57282 was published on Jun 24, 2026
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of...
Critical | Unreviewed | CVE-2026-12851 was published on Jun 24, 2026
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of...
Critical | Unreviewed | CVE-2026-12486 was published on Jun 24, 2026
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of...
Critical | Unreviewed | CVE-2026-12850 was published on Jun 24, 2026
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of...
Critical | Unreviewed | CVE-2026-12849 was published on Jun 24, 2026
Mise's local credential_command executes untrusted config
Moderate | CVE-2026-55448 was published for mise (Rust) on Jun 23, 2026
Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository
High | CVE-2026-55441 was published for mise (Rust) on Jun 23, 2026
AVideo has an incomplete fix of CVE-2026-33482: sanitizeFFmpegCommand still allows a single '&' (background operator), giving OS command execution at the same execAsync sh -c sink
High | CVE-2026-55173 was published for wwbn/avideo (Composer) on Jun 23, 2026
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code...
High | Unreviewed | CVE-2026-35018 was published on Jun 23, 2026
ProTip! Advisories are also available from the GraphQL API.