GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
669 advisories
Filter by severity
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software...
Moderate
Unreviewed
CVE-2026-0286
was published
Jul 9, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
Moderate
Unreviewed
CVE-2026-49813
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0...
Moderate
Unreviewed
CVE-2026-54483
was published
Jul 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
Moderate
Unreviewed
CVE-2026-26355
was published
Jul 3, 2026
OpenClaw: Bundle MCP loopback could miss its exec denylist on session spawn
Moderate
GHSA-qh2f-99mv-mrcf
was published
for
openclaw
(npm)
Jul 2, 2026
@cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths
Moderate
GHSA-5vwr-qchf-q4pf
was published
for
@cyclonedx/cdxgen
(npm)
Jun 26, 2026
ImageMagick: Policy Bypass can read disallowed files via symlink
Moderate
CVE-2026-49219
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows...
Moderate
Unreviewed
CVE-2026-8658
was published
Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows...
Moderate
Unreviewed
CVE-2026-8664
was published
Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows...
Moderate
Unreviewed
CVE-2026-8659
was published
Jun 25, 2026
OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows...
Moderate
Unreviewed
CVE-2026-8663
was published
Jun 25, 2026
Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory...
Moderate
Unreviewed
CVE-2026-57282
was published
Jun 24, 2026
Mise's local credential_command executes untrusted config
Moderate
CVE-2026-55448
was published
for
mise
(Rust)
Jun 23, 2026
OpenStack Horizon RC file generation does not escape special characters in project names
Moderate
CVE-2026-55748
was published
for
horizon
(pip)
Jun 17, 2026
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated...
Moderate
Unreviewed
CVE-2026-0273
was published
Jun 11, 2026
Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration
Moderate
CVE-2026-47751
was published
for
anthropics/claude-code-action
(GitHub Actions)
Jun 10, 2026
Improper neutralization of special elements in the built-in PAM provider password rotation...
Moderate
Unreviewed
CVE-2026-10544
was published
Jun 8, 2026
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in...
Moderate
Unreviewed
CVE-2026-10805
was published
Jun 4, 2026
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate
CVE-2026-46618
was published
for
github.com/fission/fission
(Go)
May 21, 2026
Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local...
Moderate
Unreviewed
CVE-2026-44076
was published
May 21, 2026
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have...
Moderate
Unreviewed
CVE-2026-20206
was published
May 20, 2026
Setup PHP: Command Injection in Repository-Derived PHP Version Resolution
Moderate
CVE-2026-46420
was published
for
shivammathur/setup-php
(GitHub Actions)
May 20, 2026
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web...
Moderate
Unreviewed
CVE-2026-36827
was published
May 19, 2026
Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
Moderate
CVE-2026-45626
was published
for
github.com/getarcaneapp/arcane/backend
(Go)
May 18, 2026
@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
Moderate
CVE-2026-42853
was published
for
@apostrophecms/cli
(npm)
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API