GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
191 advisories
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
check-branches is vulnerable to command Injection
Critical
CVE-2025-11148
was published
for
check-branches
(npm)
Sep 30, 2025
Command Injection in adb-mcp MCP Server
Critical
CVE-2025-59834
was published
for
adb-mcp
(npm)
Sep 24, 2025
mcp-kubernetes-server has an OS Command Injection vulnerability
Critical
CVE-2025-59377
was published
for
mcp-kubernetes-server
(pip)
Sep 15, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical
CVE-2025-54123
was published
for
github.com/SpectoLabs/hoverfly
(Go)
Sep 10, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Critical
CVE-2025-54994
was published
for
@akoskm/create-mcp-server-stdio
(npm)
Sep 8, 2025
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Critical
CVE-2025-53623
was published
for
job-iteration
(RubyGems)
Jul 14, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Critical
GHSA-phf6-hm3h-x8qp
was published
for
broadinstitute/cromwell
(GitHub Actions)
May 28, 2025
ProTip!
Advisories are also available from the
GraphQL API