GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
879 advisories
Filter by severity
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this...
Moderate
Unreviewed
CVE-2026-15033
was published
Jul 8, 2026
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
Moderate
CVE-2026-53533
was published
for
aiosmtplib
(pip)
Jul 7, 2026
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
Moderate
Unreviewed
CVE-2026-14802
was published
Jul 6, 2026
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set...
Moderate
Unreviewed
CVE-2026-38142
was published
Jul 1, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Moderate
Unreviewed
CVE-2026-42895
was published
Jun 19, 2026
Net::IMAP: Command Injection via ID command argument
Moderate
CVE-2026-47242
was published
for
net-imap
(RubyGems)
Jun 9, 2026
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
Moderate
CVE-2026-47240
was published
for
net-imap
(RubyGems)
Jun 9, 2026
Improper neutralization of special elements used in a command ('command injection') in M365...
Moderate
Unreviewed
CVE-2026-42824
was published
Jun 5, 2026
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file...
Moderate
Unreviewed
CVE-2026-10273
was published
Jun 1, 2026
GoClaw has a Command Injection issue
Moderate
CVE-2026-10219
was published
for
github.com/nextlevelbuilder/goclaw
(Go)
Jun 1, 2026
A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the...
Moderate
Unreviewed
CVE-2026-10214
was published
Jun 1, 2026
A security vulnerability has been detected in FoundDream miniclawd up to...
Moderate
Unreviewed
CVE-2026-9452
was published
May 26, 2026
A vulnerability was determined in NousResearch hermes-agent up to...
Moderate
Unreviewed
CVE-2026-9367
was published
May 26, 2026
Improper neutralization of special elements used in a command ('command injection') in M365...
Moderate
Unreviewed
CVE-2026-42827
was published
May 26, 2026
Insufficient Validation of Names During AXFR
Moderate
Unreviewed
CVE-2026-42000
was published
May 21, 2026
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization...
Moderate
Unreviewed
CVE-2026-35070
was published
May 20, 2026
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ...
Moderate
Unreviewed
CVE-2026-45585
was published
May 20, 2026
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and...
Moderate
Unreviewed
CVE-2026-40135
was published
May 12, 2026
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host...
Moderate
Unreviewed
CVE-2026-8273
was published
May 11, 2026
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to...
Moderate
Unreviewed
CVE-2024-30167
was published
May 8, 2026
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project...
Moderate
Unreviewed
CVE-2023-47268
was published
May 8, 2026
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could...
Moderate
Unreviewed
CVE-2026-20169
was published
May 6, 2026
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp...
Moderate
Unreviewed
CVE-2026-7785
was published
May 5, 2026
net-imap vulnerable to command Injection via "raw" arguments to multiple commands
Moderate
CVE-2026-42257
was published
for
net-imap
(RubyGems)
May 4, 2026
net-imap vulnerable to command Injection via unvalidated Symbol inputs
Moderate
CVE-2026-42258
was published
for
net-imap
(RubyGems)
May 4, 2026
ProTip!
Advisories are also available from the
GraphQL API