GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
420 advisories
check-branches is vulnerable to command Injection
Critical
CVE-2025-11148
was published
for
check-branches
(npm)
Sep 30, 2025
Command Injection in adb-mcp MCP Server
Critical
CVE-2025-59834
was published
for
adb-mcp
(npm)
Sep 24, 2025
`git-comiters` Command Injection vulnerability
High
CVE-2025-59831
was published
for
git-commiters
(npm)
Sep 22, 2025
Flowise has unsandboxed remote code execution via Custom MCP
High
GHSA-6933-jpx5-q87q
was published
for
flowise
(npm)
Sep 15, 2025
mcp-kubernetes-server has an OS Command Injection vulnerability
Critical
CVE-2025-59377
was published
for
mcp-kubernetes-server
(pip)
Sep 15, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
High
CVE-2025-59041
was published
for
@anthropic-ai/claude-code
(npm)
Sep 10, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical
CVE-2025-54123
was published
for
github.com/SpectoLabs/hoverfly
(Go)
Sep 10, 2025
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
High
CVE-2025-58180
was published
for
octoprint
(pip)
Sep 9, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Critical
CVE-2025-54994
was published
for
@akoskm/create-mcp-server-stdio
(npm)
Sep 8, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Moderate
CVE-2025-7404
was published
for
calibreweb
(pip)
Jul 24, 2025
ProTip!
Advisories are also available from the
GraphQL API