GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
190 advisories
check-branches is vulnerable to command Injection
Critical
CVE-2025-11148
was published
for
check-branches
(npm)
Sep 30, 2025
Command Injection in adb-mcp MCP Server
Critical
CVE-2025-59834
was published
for
adb-mcp
(npm)
Sep 24, 2025
mcp-kubernetes-server has an OS Command Injection vulnerability
Critical
CVE-2025-59377
was published
for
mcp-kubernetes-server
(pip)
Sep 15, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical
CVE-2025-54123
was published
for
github.com/SpectoLabs/hoverfly
(Go)
Sep 10, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Critical
CVE-2025-54994
was published
for
@akoskm/create-mcp-server-stdio
(npm)
Sep 8, 2025
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Critical
CVE-2025-53623
was published
for
job-iteration
(RubyGems)
Jul 14, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Critical
GHSA-phf6-hm3h-x8qp
was published
for
broadinstitute/cromwell
(GitHub Actions)
May 28, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Critical
CVE-2025-43858
was published
for
YoutubeDLSharp
(NuGet)
Apr 23, 2025
ProTip!
Advisories are also available from the
GraphQL API