Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
74
GitHub Actions
54
Go
4,087
Maven
5,000+
npm
5,000+
NuGet
994
pip
5,000+
Pub
13
RubyGems
1,095
Rust
1,414
Swift
61
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration Moderate
CVE-2026-47250 was published for mcp-server-kubernetes (npm) Jun 5, 2026
yotampe-pluto Credited to yotampe-pluto
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address Moderate
CVE-2026-45068 was published for symfony/mailer (Composer) May 27, 2026
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations Moderate
CVE-2026-44210 was published for github.com/kata-containers/kata-containers (Go) May 26, 2026
K-Rintaro Credited to K-Rintaro and fidencio fidencio fidencio
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` Moderate
GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) May 19, 2026
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters Moderate
CVE-2026-44968 was published for dbt-mcp (pip) May 14, 2026
hewei-gikaku Credited to hewei-gikaku
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields Moderate
CVE-2026-6437 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Apr 18, 2026
skilleton has improper input handling in repository/path processing Moderate
GHSA-5g3j-89fr-r2vp was published for skilleton (npm) Apr 8, 2026
Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts Moderate
GHSA-g87j-gm7p-6vw2 was published for openclaw (npm) Mar 19, 2026 withdrawn
OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts Moderate
CVE-2026-29608 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Weblate has an argument injection in management console Moderate
CVE-2026-24126 was published for Weblate (pip) Feb 17, 2026
alexb616 Credited to alexb616 and nijel nijel nijel
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows Moderate
CVE-2026-24739 was published for symfony/process (Composer) Jan 28, 2026
Seldaek Credited to Seldaek and nicolas-grekas nicolas-grekas nicolas-grekas
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files Moderate
CVE-2025-68144 was published for mcp-server-git (pip) Dec 17, 2025
@conventional-changelog/git-client has Argument Injection vulnerability Moderate
CVE-2025-59433 was published for @conventional-changelog/git-client (npm) Sep 22, 2025
lirantal Credited to lirantal
ggit is vulnerable to Arbitrary Argument Injection via the clone() API Moderate
CVE-2024-21533 was published for ggit (npm) Oct 8, 2024
lirantal Credited to lirantal
git-shallow-clone Argument Injection vulnerability Moderate
CVE-2024-21531 was published for git-shallow-clone (npm) Oct 1, 2024
dsimk Credited to dsimk
gix-transport indirect code execution via malicious username Moderate
CVE-2024-32884 was published for gitoxide (Rust) Apr 15, 2024
EliahKagan Credited to EliahKagan
gix-transport code execution vulnerability Moderate
CVE-2023-53158 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan Credited to EliahKagan
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API Moderate
CVE-2023-26143 was published for blamer (npm) Sep 19, 2023
lirantal Credited to lirantal
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer Credited to cokeBeer and snoopysecurity snoopysecurity snoopysecurity
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile. Moderate
CVE-2021-43809 was published for bundler (RubyGems) Dec 8, 2021
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
Remote command injection when using sendmail email transport Moderate
GHSA-wfrj-qqc2-83cm was published for ghost (npm) Sep 20, 2021
tdunlap607 Credited to tdunlap607
Header injection possible in Django Moderate
CVE-2021-32052 was published for Django (pip) Jun 9, 2021
Argument Injection in Apache Geode server Moderate
CVE-2017-15694 was published for org.apache.geode:geode-core (Maven) Jun 26, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database