GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
187 advisories
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical
CVE-2025-54123
was published
for
github.com/SpectoLabs/hoverfly
(Go)
Sep 10, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Critical
CVE-2025-54994
was published
for
@akoskm/create-mcp-server-stdio
(npm)
Sep 8, 2025
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
Critical
CVE-2025-53623
was published
for
job-iteration
(RubyGems)
Jul 14, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Critical
CVE-2025-54782
was published
for
@nestjs/devtools-integration
(npm)
Aug 1, 2025
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
Critical
CVE-2025-54418
was published
for
codeigniter4/framework
(Composer)
Jul 28, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Critical
GHSA-phf6-hm3h-x8qp
was published
for
broadinstitute/cromwell
(GitHub Actions)
May 28, 2025
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Critical
CVE-2025-43858
was published
for
YoutubeDLSharp
(NuGet)
Apr 23, 2025
ProTip!
Advisories are also available from the
GraphQL API