Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape) Critical
CVE-2026-25881 was published for @nyariv/sandboxjs (npm) Feb 10, 2026
k14uz Credited to k14uz
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write High
CVE-2026-25732 was published for nicegui (pip) Feb 5, 2026
k14uz Credited to k14uz, falkoschindler, and evnchn falkoschindler falkoschindler
evnchn evnchn
Orval has Code Injection via unsanitized x-enum-descriptions using JS comments Critical
CVE-2026-25141 was published for @orval/core (npm) Jan 30, 2026
progfay Credited to progfay and k14uz k14uz k14uz
Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access High
CVE-2026-24740 was published for github.com/amir20/dozzle (Go) Jan 27, 2026
k14uz Credited to k14uz
Orval Mock Generation Code Injection via const High
CVE-2026-24132 was published for @orval/mock (npm) Jan 22, 2026
k14uz Credited to k14uz
Orval has a code injection via unsanitized x-enum-descriptions in enum generation Critical
CVE-2026-23947 was published for @orval/core (npm) Jan 21, 2026
k14uz Credited to k14uz and ZipJo ZipJo ZipJo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database