Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,957
Pub
12
RubyGems
946
Rust
1,027
Swift
39
Unreviewed advisories
All unreviewed
5,000+

186 advisories

Loading
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
wong2 mcp-cli Command Injection Vulnerability Low
CVE-2025-9262 was published for @wong2/mcp-cli (npm) Aug 21, 2025
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API Critical
CVE-2025-54994 was published for @akoskm/create-mcp-server-stdio (npm) Sep 8, 2025
lirantal
Flowise OS command remote code execution Critical
CVE-2025-8943 was published for flowise (npm) Aug 14, 2025
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code High
CVE-2025-55284 was published for @anthropic-ai/claude-code (npm) Aug 18, 2025
Withdrawn Advisory: bun vulnerable to OS Command Injection High
CVE-2025-8022 was published for bun (npm) Jul 23, 2025 withdrawn
lirantal
Claude Code echo command allowed bypass of user approval prompt for command execution High
CVE-2025-54795 was published for @anthropic-ai/claude-code (npm) Aug 4, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Remote Code Execution Vulnerability in NPM mongo-express Critical
CVE-2019-10758 was published for mongo-express (npm) Dec 30, 2019
JLLeitschuh
GitHub Kanban MCP Server vulnerable to Command Injection High
CVE-2025-53818 was published for @sunwood-ai-labs/github-kanban-mcp-server (npm) Jul 15, 2025
lirantal
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
iOS Simulator MCP Command Injection allowed via exec API Moderate
CVE-2025-52573 was published for ios-simulator-mcp (npm) Jun 26, 2025
lirantal
HaxCMS-PHP Command Injection Vulnerability High
CVE-2025-49141 was published for @haxtheweb/haxcms-nodejs (npm) Jun 9, 2025
userRPR
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
Command Injection in puppet-facter High
CVE-2022-25350 was published for puppet-facter (npm) Jan 26, 2023
Remote code execution in simple-git Critical
CVE-2022-25860 was published for simple-git (npm) Jan 26, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
Command injection in smartctl High
CVE-2022-21810 was published for smartctl (npm) Jan 26, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
is-http2 vulnerable to Improper Input Validation High
CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database