GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
Credited to cristianstaicu
Sandbox escape via infinite recursion and error objects Moderate
CVE-2026-25533 was published for @enclave-vm/core (npm) Feb 5, 2026
Credited to cristianstaicu and frontegg-david
n8n Has Expression Escape Vulnerability Leading to RCE Critical
CVE-2026-25049 was published for n8n (npm) Feb 4, 2026
Credited to fatihhcelik, eilonc-pillar, cristianstaicu, sandeepl337, nickcopi, joshft, yadhukrishnam, doyler, zolbooo, and nnfrog
locutus is vulnerable to Prototype Pollution Critical
CVE-2026-25521 was published for locutus (npm) Feb 2, 2026
Credited to kevgeoleo, reallyTG, vdata1, and cristianstaicu
tinacms is vulnerable to arbitrary code execution High
CVE-2025-68278 was published for @tinacms/cli (npm) Dec 18, 2025
Credited to cristianstaicu
RCE via ZipSlip and symbolic links in argoproj/argo-workflows High
CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
Credited to cristianstaicu and meenakshisl
Credited to cristianstaicu and shaked-seal
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-21486 was published for deno (Rust) Jun 5, 2025
Credited to cristianstaicu and vdata1
Denial-of-Service when binding invalid parameters in sqlite3 High
CVE-2022-21227 was published for sqlite3 (npm) Apr 28, 2022
Credited to cristianstaicu
Prototype Pollution in convict High
CVE-2022-22143 was published for convict (npm) Apr 20, 2022
Credited to cristianstaicu and arjunshibu
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
Credited to yuske, cristianstaicu, musard, and mtrezza
Prototype pollution in min-dash High
CVE-2021-23460 was published for min-dash (Maven) Feb 1, 2022
Credited to cristianstaicu
Improper Handling of Unexpected Data Type in ced High
CVE-2021-39131 was published for ced (npm) Aug 23, 2021
Credited to cristianstaicu
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate High
CVE-2021-21413 was published for isolated-vm (npm) Apr 6, 2021
Credited to vdata1 and cristianstaicu