Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

69 advisories

Loading
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address Moderate
CVE-2026-53533 was published for aiosmtplib (pip) Jul 7, 2026
tonghuaroot Credited to tonghuaroot
Net::IMAP: Command Injection via ID command argument Moderate
CVE-2026-47242 was published for net-imap (RubyGems) Jun 9, 2026
nevans Credited to nevans
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument Moderate
CVE-2026-47240 was published for net-imap (RubyGems) Jun 9, 2026
nevans Credited to nevans
GoClaw has a Command Injection issue Moderate
CVE-2026-10219 was published for github.com/nextlevelbuilder/goclaw (Go) Jun 1, 2026
net-imap vulnerable to command Injection via "raw" arguments to multiple commands Moderate
CVE-2026-42257 was published for net-imap (RubyGems) May 4, 2026
manunio Credited to manunio and nevans nevans nevans
net-imap vulnerable to command Injection via unvalidated Symbol inputs Moderate
CVE-2026-42258 was published for net-imap (RubyGems) May 4, 2026
manunio Credited to manunio
mcp-server-semgrep has a Command Injection issue Moderate
CVE-2026-7446 was published for mcp-server-semgrep (npm) Apr 30, 2026
Inspektor Gadget: Command Injection via malicious buildOptions manipulation Moderate
CVE-2026-24905 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Apr 22, 2026
ndaprela Credited to ndaprela, suidpit, eiffel-fl, and burak-ok suidpit suidpit
eiffel-fl eiffel-fl burak-ok burak-ok
FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py Moderate
CVE-2026-5973 was published for metagpt (pip) Apr 9, 2026
FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py Moderate
CVE-2026-5974 was published for metagpt (pip) Apr 9, 2026
FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command Moderate
CVE-2026-5972 was published for metagpt (pip) Apr 9, 2026
Agions taskflow-ai vulnerable to os command injection in src/mcp/server/handlers.ts Moderate
CVE-2026-5831 was published for taskflow-ai (npm) Apr 9, 2026
actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow Moderate
GHSA-6p2j-742g-835f was published for Tiryoh/actions-mkdocs (GitHub Actions) Apr 4, 2026
choseogyeong Credited to choseogyeong
MCP NMAP Server has an Injection vulnerability Moderate
CVE-2026-3484 was published for mcp-nmap-server (npm) Mar 3, 2026
MS-Agent vulnerable to Command Injection Moderate
CVE-2026-2256 was published for ms-agent (pip) Mar 2, 2026
mcp-maigret vulnerable to command injection Moderate
CVE-2026-2130 was published for mcp-maigret (npm) Feb 8, 2026
BrowserStack Local vulnerable to Command Injection through logfile variable Moderate
CVE-2025-57283 was published for browserstack-local (npm) Jan 28, 2026
mgol Credited to mgol
Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file Moderate
GHSA-3f44-xw83-3pmg was published for renovate (npm) Jan 13, 2026
astellingwerf Credited to astellingwerf
Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file Moderate
GHSA-xjr7-3c3g-m763 was published for renovate (npm) Jan 13, 2026
astellingwerf Credited to astellingwerf
Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies Moderate
GHSA-36j9-mx87-2cff was published for renovate (npm) Jan 13, 2026
astellingwerf Credited to astellingwerf
Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration Moderate
GHSA-fr4j-65pv-gjjj was published for renovate (npm) Jan 13, 2026
astellingwerf Credited to astellingwerf
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository Moderate
GHSA-xv56-3wq5-9997 was published for renovate (npm) Jan 13, 2026
astellingwerf Credited to astellingwerf
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator Moderate
GHSA-xrv8-2pf5-f3q7 was published for nitro-tpm-pcr-compute (Rust) Dec 5, 2025
agraf Credited to agraf and mariusknaust mariusknaust mariusknaust
mcp-server-kubernetes has potential security issue in exec_in_pod tool Moderate
CVE-2025-66404 was published for mcp-server-kubernetes (npm) Dec 3, 2025
lavenderlilly Credited to lavenderlilly
ProTip! Advisories are also available from the GraphQL API