GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
348 advisories
Filter by severity
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured...
Critical
Unreviewed
CVE-2026-61459
was published
Jul 10, 2026
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
Critical
CVE-2026-54088
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jul 10, 2026
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability...
Critical
Unreviewed
CVE-2026-40047
was published
Jul 6, 2026
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability...
High
Unreviewed
CVE-2026-14459
was published
Jul 3, 2026
Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments
High
CVE-2026-52817
was published
for
linuxfabrik-lib
(pip)
Jul 2, 2026
Grackle has command/argument injection in the git worktree executor that enables RCE on provisioned hosts via an unsanitized task branch name (shell:true)
High
GHSA-vv65-f55v-xm6g
was published
for
@grackle-ai/powerline
(npm)
Jul 2, 2026
repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection
High
CVE-2026-49987
was published
for
repomix
(npm)
Jul 1, 2026
A flaw was found in the vscode-java extension, which provides Java language support for Visual...
High
Unreviewed
CVE-2026-12856
was published
Jun 29, 2026
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
Moderate
CVE-2026-50014
was published
for
pnpm
(npm)
Jun 26, 2026
@cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths
Moderate
GHSA-5vwr-qchf-q4pf
was published
for
@cyclonedx/cdxgen
(npm)
Jun 26, 2026
Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary...
Moderate
Unreviewed
CVE-2026-11968
was published
Jun 24, 2026
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
High
GHSA-74p7-6h78-gw8p
was published
for
skillctl
(Rust)
Jun 22, 2026
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
High
CVE-2026-12530
was published
for
bedrock-agentcore
(pip)
Jun 19, 2026
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
Critical
GHSA-r253-r9jw-qg44
was published
for
crawl4ai
(pip)
Jun 18, 2026
Docker MCP Gateway: Argument injection via OCI image label YAML
High
CVE-2026-55887
was published
for
github.com/docker/mcp-gateway
(Go)
Jun 18, 2026
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM,...
Critical
Unreviewed
CVE-2026-47365
was published
Jun 12, 2026
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability...
High
Unreviewed
CVE-2026-53694
was published
Jun 10, 2026
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
Moderate
CVE-2026-47250
was published
for
mcp-server-kubernetes
(npm)
Jun 5, 2026
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency...
High
Unreviewed
CVE-2026-11332
was published
Jun 5, 2026
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release...
High
Unreviewed
CVE-2026-41013
was published
Jun 1, 2026
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection...
High
Unreviewed
CVE-2026-49373
was published
May 29, 2026
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Moderate
CVE-2026-45068
was published
for
symfony/mailer
(Composer)
May 27, 2026
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations
Moderate
CVE-2026-44210
was published
for
github.com/kata-containers/kata-containers
(Go)
May 26, 2026
Prefect has an Argument Injection issue
High
CVE-2026-3515
was published
for
prefect
(pip)
May 26, 2026
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote...
High
Unreviewed
CVE-2026-47114
was published
May 21, 2026
ProTip!
Advisories are also available from the
GraphQL API