Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
@sequa-ai/sequa-mcp has Command Injection vulnerability Low
CVE-2025-10619 was published for @sequa-ai/sequa-mcp (npm) Sep 17, 2025
mcp-kubernetes-server has a Command Injection vulnerability Low
CVE-2025-59376 was published for mcp-kubernetes-server (pip) Sep 15, 2025
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
CodeceptJS's incomprehensive sanitation can lead to Command Injection Critical
CVE-2025-57285 was published for codeceptjs (npm) Sep 8, 2025
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps Low
GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025
woodruffw
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
0xRoyR
Command Injection via sonarqube-scan-action GitHub Action High
CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025
Torbjorn-Svensson
wong2 mcp-cli Command Injection Vulnerability Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
screenshot-desktop vulnerable to command Injection via `format` option Critical
CVE-2025-55294 was published for screenshot-desktop (npm) Aug 19, 2025
RichardoC bencevans
Active Storage allowed transformation methods that were potentially unsafe Critical
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
th4s1s
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
tj-actions/branch-names has a Command Injection Vulnerability Critical
CVE-2025-54416 was published for tj-actions/branch-names (GitHub Actions) Jul 25, 2025
tutasla
@translated/lara-mcp vulnerable to command injection in import_tmx tool High
CVE-2025-53832 was published for @translated/lara-mcp (npm) Jul 21, 2025
dellalibera
MCP Server Kubernetes vulnerable to command injection in several tools High
CVE-2025-53355 was published for mcp-server-kubernetes (npm) Jul 8, 2025
dellalibera
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection High
CVE-2025-53372 was published for node-code-sandbox-mcp (npm) Jul 8, 2025
dellalibera
@cyanheads/git-mcp-server vulnerable to command injection in several tools High
CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
dellalibera cyanheads
File Browser vulnerable to command execution allowlist bypass High
CVE-2025-52995 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
File Browser: Command Execution not Limited to Scope High
CVE-2025-52904 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Salt's on demand pillar functionality vulnerable to arbitrary command injections Moderate
CVE-2025-22237 was published for salt (pip) Jun 13, 2025
Ackites KillWxapkg vulnerable to OS Command Injection Low
CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
goshs route not protected, allows command execution Critical
CVE-2025-46816 was published for github.com/patrickhener/goshs (Go) May 6, 2025
Guilhem7
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database