Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes High
GHSA-qrr6-mg7r-m243 was published for phpunit/phpunit (Composer) Apr 18, 2026
kayw-geek Credited to kayw-geek
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields Moderate
CVE-2026-6437 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Apr 18, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0... Moderate Unreviewed
CVE-2026-35153 was published Apr 17, 2026
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting High
CVE-2026-39884 was published for mcp-server-kubernetes (npm) Apr 14, 2026
TharVid Credited to TharVid
During an internal security assessment, a potential vulnerability was discovered in Lenovo... High Unreviewed
CVE-2026-4145 was published Apr 15, 2026
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability... Critical Unreviewed
CVE-2026-2449 was published Apr 14, 2026
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh High
GHSA-p4h8-56qp-hpgv was published for @aiondadotcom/mcp-ssh (npm) Apr 14, 2026
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars High
CVE-2026-40113 was published for PraisonAI (pip) Apr 10, 2026
aswinastro Credited to aswinastro and g0w6y g0w6y g0w6y
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and... High Unreviewed
CVE-2023-6634 was published Jan 11, 2024
skilleton has improper input handling in repository/path processing Moderate
GHSA-5g3j-89fr-r2vp was published for skilleton (npm) Apr 8, 2026
File Browser has a Command Injection via Hook Runner High
CVE-2026-35585 was published for github.com/filebrowser/filebrowser/v2 (Go) Apr 8, 2026
Saku0512 Credited to Saku0512
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference High
CVE-2026-34769 was published for electron (npm) Apr 3, 2026
Roundcube Webmail: Unsanitized IMAP SEARCH command arguments Low
CVE-2026-35538 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to... High Unreviewed
CVE-2026-0634 was published Apr 2, 2026
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF... High Unreviewed
CVE-2026-29954 was published Mar 30, 2026
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters... Moderate Unreviewed
CVE-2026-23924 was published Mar 24, 2026
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability... Critical Unreviewed
CVE-2026-2298 was published Mar 23, 2026
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the... Moderate Unreviewed
CVE-2026-4438 was published Mar 20, 2026
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the... High Unreviewed
CVE-2024-22182 was published Mar 1, 2024
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters... High Unreviewed
CVE-2004-0411 was published Apr 29, 2022
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter... High Unreviewed
CVE-2004-0121 was published Apr 29, 2022
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which... Moderate Unreviewed
CVE-2003-0907 was published Apr 29, 2022
Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to... Moderate Unreviewed
CVE-2006-6597 was published May 1, 2022
OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts Moderate
CVE-2026-29608 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments High
CVE-2026-22168 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database