GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
Moderate
CVE-2026-53533
was published
for
aiosmtplib
(pip)
Jul 7, 2026
Net::IMAP: Command Injection via ID command argument
Moderate
CVE-2026-47242
was published
for
net-imap
(RubyGems)
Jun 9, 2026
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
Moderate
CVE-2026-47240
was published
for
net-imap
(RubyGems)
Jun 9, 2026
GoClaw has a Command Injection issue
Moderate
CVE-2026-10219
was published
for
github.com/nextlevelbuilder/goclaw
(Go)
Jun 1, 2026
net-imap vulnerable to command Injection via "raw" arguments to multiple commands
Moderate
CVE-2026-42257
was published
for
net-imap
(RubyGems)
May 4, 2026
net-imap vulnerable to command Injection via unvalidated Symbol inputs
Moderate
CVE-2026-42258
was published
for
net-imap
(RubyGems)
May 4, 2026
mcp-server-semgrep has a Command Injection issue
Moderate
CVE-2026-7446
was published
for
mcp-server-semgrep
(npm)
Apr 30, 2026
Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Moderate
CVE-2026-24905
was published
for
github.com/inspektor-gadget/inspektor-gadget
(Go)
Apr 22, 2026
FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py
Moderate
CVE-2026-5973
was published
for
metagpt
(pip)
Apr 9, 2026
FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py
Moderate
CVE-2026-5974
was published
for
metagpt
(pip)
Apr 9, 2026
FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command
Moderate
CVE-2026-5972
was published
for
metagpt
(pip)
Apr 9, 2026
Agions taskflow-ai vulnerable to os command injection in src/mcp/server/handlers.ts
Moderate
CVE-2026-5831
was published
for
taskflow-ai
(npm)
Apr 9, 2026
actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow
Moderate
GHSA-6p2j-742g-835f
was published
for
Tiryoh/actions-mkdocs
(GitHub Actions)
Apr 4, 2026
Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Moderate
GHSA-w6f4-3v35-qjhj
was published
for
openclaw
(npm)
Mar 21, 2026
•
withdrawn
MCP NMAP Server has an Injection vulnerability
Moderate
CVE-2026-3484
was published
for
mcp-nmap-server
(npm)
Mar 3, 2026
MS-Agent vulnerable to Command Injection
Moderate
CVE-2026-2256
was published
for
ms-agent
(pip)
Mar 2, 2026
mcp-maigret vulnerable to command injection
Moderate
CVE-2026-2130
was published
for
mcp-maigret
(npm)
Feb 8, 2026
BrowserStack Local vulnerable to Command Injection through logfile variable
Moderate
CVE-2025-57283
was published
for
browserstack-local
(npm)
Jan 28, 2026
Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
Moderate
GHSA-3f44-xw83-3pmg
was published
for
renovate
(npm)
Jan 13, 2026
Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file
Moderate
GHSA-xjr7-3c3g-m763
was published
for
renovate
(npm)
Jan 13, 2026
Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies
Moderate
GHSA-36j9-mx87-2cff
was published
for
renovate
(npm)
Jan 13, 2026
Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration
Moderate
GHSA-fr4j-65pv-gjjj
was published
for
renovate
(npm)
Jan 13, 2026
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Moderate
GHSA-xv56-3wq5-9997
was published
for
renovate
(npm)
Jan 13, 2026
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator
Moderate
GHSA-xrv8-2pf5-f3q7
was published
for
nitro-tpm-pcr-compute
(Rust)
Dec 5, 2025
mcp-server-kubernetes has potential security issue in exec_in_pod tool
Moderate
CVE-2025-66404
was published
for
mcp-server-kubernetes
(npm)
Dec 3, 2025
ProTip!
Advisories are also available from the
GraphQL API