The jokob-sk/Pi.Alert fork (prior to 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.
pi.alert project pi.alert 1.0