Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu
n8n Has Expression Escape Vulnerability Leading to RCE Critical
CVE-2026-25049 was published for n8n (npm) Feb 4, 2026
fatihhcelik Credited to fatihhcelik, eilonc-pillar, cristianstaicu, sandeepl337, nickcopi, joshft, yadhukrishnam, doyler, zolbooo, and nnfrog eilonc-pillar eilonc-pillar
cristianstaicu cristianstaicu sandeepl337 sandeepl337 nickcopi nickcopi joshft joshft yadhukrishnam yadhukrishnam doyler doyler zolbooo zolbooo nnfrog nnfrog
locutus is vulnerable to Prototype Pollution Critical
CVE-2026-25521 was published for locutus (npm) Feb 2, 2026
kevgeoleo Credited to kevgeoleo, reallyTG, vdata1, and cristianstaicu reallyTG reallyTG
vdata1 vdata1 cristianstaicu cristianstaicu
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript Critical
CVE-2025-62410 was published for happy-dom (npm) Oct 15, 2025
cristianstaicu Credited to cristianstaicu and shaked-seal shaked-seal shaked-seal
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske Credited to yuske, cristianstaicu, musard, and mtrezza cristianstaicu cristianstaicu
musard musard mtrezza mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database