GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
446 advisories
net-imap vulnerable to command Injection via "raw" arguments to multiple commands
Moderate
CVE-2026-42257
was published
for
net-imap
(RubyGems)
May 4, 2026
net-imap vulnerable to command Injection via unvalidated Symbol inputs
Moderate
CVE-2026-42258
was published
for
net-imap
(RubyGems)
May 4, 2026
electerm has Command Injection via runLinux funtion
Critical
CVE-2026-41501
was published
for
electerm
(npm)
Apr 24, 2026
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical
GHSA-wpqr-6v78-jr5g
was published
for
@google/gemini-cli
(GitHub Actions)
Apr 24, 2026
Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Moderate
CVE-2026-24905
was published
for
github.com/inspektor-gadget/inspektor-gadget
(Go)
Apr 22, 2026
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Critical
CVE-2026-41265
was published
for
flowise
(npm)
Apr 18, 2026
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Critical
CVE-2026-41497
was published
for
praisonai
(pip)
Apr 17, 2026
WWBN AVideo: RCE cause by clonesite plugin
High
CVE-2026-41304
was published
for
wwbn/avideo
(Composer)
Apr 16, 2026
electerm: electerm_install_script_CommandInjection Vulnerability Report
Critical
CVE-2026-41500
was published
for
electerm
(npm)
Apr 16, 2026
Emissary has GitHub Actions Shell Injection via Workflow Inputs
Critical
CVE-2026-35580
was published
for
gov.nsa.emissary:emissary
(Maven)
Apr 8, 2026
ProTip!
Advisories are also available from the
GraphQL API