GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
5,043 advisories
Filter by severity
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software...
Moderate
Unreviewed
CVE-2026-0286
was published
Jul 9, 2026
laravel-backup-restore has an OS Command Injection during database restore
High
CVE-2026-53932
was published
for
wnx/laravel-backup-restore
(Composer)
Jul 9, 2026
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability...
High
Unreviewed
CVE-2026-58459
was published
Jul 9, 2026
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
Critical
CVE-2026-52831
was published
for
github.com/nuclio/nuclio
(Go)
Jul 8, 2026
Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability...
High
Unreviewed
CVE-2026-60102
was published
Jul 8, 2026
An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in...
High
Unreviewed
CVE-2026-24699
was published
Jul 8, 2026
An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in...
High
Unreviewed
CVE-2026-24700
was published
Jul 8, 2026
An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd"...
High
Unreviewed
CVE-2026-24698
was published
Jul 8, 2026
An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary...
High
Unreviewed
CVE-2026-24697
was published
Jul 8, 2026
A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command...
Low
Unreviewed
CVE-2026-15035
was published
Jul 8, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
High
Unreviewed
CVE-2026-53479
was published
Jul 7, 2026
EGroupware has Authenticated RCE via Malicious eTemplate Upload
High
CVE-2026-40187
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2026
Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command
High
CVE-2026-55426
was published
for
linuxfabrik-lib
(pip)
Jul 6, 2026
Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`
High
CVE-2026-55427
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`
High
CVE-2026-55786
was published
for
flyto-core
(pip)
Jul 6, 2026
myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users...
High
Unreviewed
CVE-2026-12195
was published
Jul 4, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
High
Unreviewed
CVE-2026-53478
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
High
Unreviewed
CVE-2026-49815
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
High
Unreviewed
CVE-2026-49814
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
Moderate
Unreviewed
CVE-2026-49813
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0...
Moderate
Unreviewed
CVE-2026-54483
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
Moderate
Unreviewed
CVE-2026-26355
was published
Jul 3, 2026
9router: Missing Authorization and OS Command Injection
Critical
CVE-2026-59800
was published
for
9router
(npm)
Jul 2, 2026
electerm has Command Injection in File System Operations (rmrf, mv, cp)
High
CVE-2026-49255
was published
for
electerm
(npm)
Jul 2, 2026
Grackle has command/argument injection in the git worktree executor that enables RCE on provisioned hosts via an unsanitized task branch name (shell:true)
High
GHSA-vv65-f55v-xm6g
was published
for
@grackle-ai/powerline
(npm)
Jul 2, 2026
ProTip!
Advisories are also available from the
GraphQL API