GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow (Severity: Moderate)
GHSA-6p2j-742g-835f was published for Tiryoh/actions-mkdocs (GitHub Actions) Apr 4, 2026
Credited to choseogyeong
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body` (Severity: Critical)
CVE-2026-34243 was published for njzjz/wenxian (GitHub Actions) Mar 29, 2026
Credited to choseogyeong
Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action (Severity: High)
CVE-2026-25761 was published for super-linter/super-linter (GitHub Actions) Feb 9, 2026
Credited to izefoea
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps (Severity: Low)
GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025
Credited to woodruffw
Command Injection via sonarqube-scan-action GitHub Action (Severity: High)
CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025
Credited to Torbjorn-Svensson
tj-actions/branch-names has a Command Injection Vulnerability (Severity: Critical)
CVE-2025-54416 was published for tj-actions/branch-names (GitHub Actions) Jul 25, 2025
Credited to tutasla
Potential Actions command injection in output filenames (GHSL-2023-275) (Severity: High)
CVE-2023-52137 was published for tj-actions/verify-changed-files (GitHub Actions) Jan 2, 2024
Credited to jorgectf and jsoref
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271) (Severity: High)
CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024
Credited to jorgectf and jsoref
Arbitrary command injection in embano1/wip (Severity: High)
CVE-2023-30623 was published for embano1/wip (GitHub Actions) Apr 24, 2023
Credited to R3x
github-slug-action vulnerable to arbitrary code execution (Severity: High)
CVE-2023-27581 was published for rlespinasse/github-slug-action (GitHub Actions) Mar 13, 2023
Credited to R3x and rlespinasse