GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
19 advisories
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Argument injection in python-libnmap
Critical
CVE-2022-30284
was published
for
python-libnmap
(pip)
May 6, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High
CVE-2022-23915
was published
for
Weblate
(pip)
Mar 4, 2022
Weblate has an argument injection in management console
Moderate
CVE-2026-24126
was published
for
Weblate
(pip)
Feb 17, 2026
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
High
CVE-2026-40113
was published
for
PraisonAI
(pip)
Apr 10, 2026
GitPython: Unsafe option check validates multi_options before shlex.split transformation
High
CVE-2026-42284
was published
for
GitPython
(pip)
Apr 25, 2026
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
Moderate
CVE-2026-44968
was published
for
dbt-mcp
(pip)
May 14, 2026
ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
Critical
CVE-2026-42601
was published
for
archivebox
(pip)
May 4, 2026
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
High
CVE-2026-42266
was published
for
jupyterlab
(pip)
May 5, 2026
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
Critical
GHSA-r253-r9jw-qg44
was published
for
crawl4ai
(pip)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API