Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,043 advisories

Loading
laravel-backup-restore has an OS Command Injection during database restore High
CVE-2026-53932 was published for wnx/laravel-backup-restore (Composer) Jul 9, 2026
YHalo-wyh Credited to YHalo-wyh
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE Critical
CVE-2026-52831 was published for github.com/nuclio/nuclio (Go) Jul 8, 2026
j311yl0v3u Credited to j311yl0v3u and b0b0haha b0b0haha b0b0haha
EGroupware has Authenticated RCE via Malicious eTemplate Upload High
CVE-2026-40187 was published for egroupware/egroupware (Composer) Jul 7, 2026
dapickle Credited to dapickle
Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command High
CVE-2026-55426 was published for linuxfabrik-lib (pip) Jul 6, 2026
OoYo0uto Credited to OoYo0uto
Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh` High
CVE-2026-55427 was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module` High
CVE-2026-55786 was published for flyto-core (pip) Jul 6, 2026
EQSTLab Credited to EQSTLab
9router: Missing Authorization and OS Command Injection Critical
CVE-2026-59800 was published for 9router (npm) Jul 2, 2026
vcth4nh Credited to vcth4nh and Ductinn Ductinn Ductinn
electerm has Command Injection in File System Operations (rmrf, mv, cp) High
CVE-2026-49255 was published for electerm (npm) Jul 2, 2026
hibrian827 Credited to hibrian827
ProTip! Advisories are also available from the GraphQL API