GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,902 advisories
aws-cdk-lib: OS Command Injection in NodejsFunction Bundling
High | CVE-2026-11417 was published for aws-cdk-lib (npm) | Jun 15, 2026

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and...
High | Unreviewed | CVE-2026-9863 was published | Jun 15, 2026

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in...
Critical | Unreviewed | CVE-2026-9862 was published | Jun 15, 2026

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an OS Command...
High | Unreviewed | CVE-2026-11845 was published | Jun 12, 2026

Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions...
High | Unreviewed | CVE-2026-45172 was published | Jun 12, 2026

KanaDojo contains a command injection vulnerability that allows an attacker with pull request...
High | Unreviewed | CVE-2026-48547 was published | Jun 11, 2026

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated...
Moderate | Unreviewed | CVE-2026-0273 was published | Jun 11, 2026

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this...
High | Unreviewed | CVE-2026-6893 was published | Jun 10, 2026

Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration
Moderate | CVE-2026-47751 was published for anthropics/claude-code-action (GitHub Actions) | Jun 10, 2026

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1...
High | Unreviewed | CVE-2026-9151 was published | Jun 10, 2026

A command injection vulnerability has been reported to affect several QNAP operating system...
High | Unreviewed | CVE-2026-24719 was published | Jun 10, 2026

A command injection vulnerability has been reported to affect several QNAP operating system...
High | Unreviewed | CVE-2026-22893 was published | Jun 10, 2026

A command injection vulnerability has been reported to affect several QNAP operating system...
High | Unreviewed | CVE-2025-66273 was published | Jun 10, 2026

A command injection vulnerability has been reported to affect several QNAP operating system...
High | Unreviewed | CVE-2025-66279 was published | Jun 10, 2026

Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter
Critical | CVE-2026-48030 was published for pheditor/pheditor (Composer) | Jun 9, 2026

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows...
High | Unreviewed | CVE-2026-49959 was published | Jun 9, 2026

DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
Critical | Unreviewed | CVE-2026-38615 was published | Jun 9, 2026

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2...
High | Unreviewed | CVE-2026-10727 was published | Jun 9, 2026

An improper neutralization of special elements used in an os command ('os command injection')...
Critical | Unreviewed | CVE-2026-25089 was published | Jun 9, 2026

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1...
Critical | Unreviewed | CVE-2026-10520 was published | Jun 9, 2026

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While...
High | Unreviewed | CVE-2026-9279 was published | Jun 9, 2026

shell-quote quote() does not escape newlines in object .op values
Critical | CVE-2026-9277 was published for shell-quote (npm) | Jun 9, 2026

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The...
High | Unreviewed | CVE-2026-46746 was published | Jun 9, 2026

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command...
High | Unreviewed | CVE-2026-11572 was published | Jun 9, 2026

Improper neutralization of special elements in the built-in PAM provider password rotation...
Moderate | Unreviewed | CVE-2026-10544 was published | Jun 8, 2026
ProTip! Advisories are also available from the GraphQL API.