Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

348 advisories

Loading
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE) Critical
CVE-2026-54088 was published for github.com/filebrowser/filebrowser/v2 (Go) Jul 10, 2026
Saku0512 Credited to Saku0512 and hacdias hacdias hacdias
OoYo0uto Credited to OoYo0uto
repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection High
CVE-2026-49987 was published for repomix (npm) Jul 1, 2026
kakashi-kx Credited to kakashi-kx
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit Moderate
CVE-2026-50014 was published for pnpm (npm) Jun 26, 2026
tempcollab Credited to tempcollab
@cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths Moderate
GHSA-5vwr-qchf-q4pf was published for @cyclonedx/cdxgen (npm) Jun 26, 2026
aleff-github Credited to aleff-github
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages() High
CVE-2026-12530 was published for bedrock-agentcore (pip) Jun 19, 2026
MrCloudSec Credited to MrCloudSec
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args Critical
GHSA-r253-r9jw-qg44 was published for crawl4ai (pip) Jun 18, 2026
hoanggxyuuki Credited to hoanggxyuuki
Docker MCP Gateway: Argument injection via OCI image label YAML High
CVE-2026-55887 was published for github.com/docker/mcp-gateway (Go) Jun 18, 2026
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration Moderate
CVE-2026-47250 was published for mcp-server-kubernetes (npm) Jun 5, 2026
yotampe-pluto Credited to yotampe-pluto
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address Moderate
CVE-2026-45068 was published for symfony/mailer (Composer) May 27, 2026
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations Moderate
CVE-2026-44210 was published for github.com/kata-containers/kata-containers (Go) May 26, 2026
K-Rintaro Credited to K-Rintaro and fidencio fidencio fidencio
Prefect has an Argument Injection issue High
CVE-2026-3515 was published for prefect (pip) May 26, 2026
ProTip! Advisories are also available from the GraphQL API