GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
148 advisories
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Low
GHSA-8678-w3jw-xfc2
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
Low
CVE-2026-53848
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
Moderate
CVE-2026-53861
was published
for
openclaw
(npm)
Jun 18, 2026
npm PraisonAI codeMode sandbox escape via Function constructor
Critical
GHSA-vmmj-pfw7-fjwp
was published
for
praisonai
(npm)
Jun 18, 2026
OpenClaw: Shell inline-command parsing could miss an allowlist check
High
CVE-2026-53866
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Host environment sanitizer missed two Node.js control variables
High
CVE-2026-53864
was published
for
openclaw
(npm)
Jun 18, 2026
Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
Moderate
CVE-2026-48736
was published
for
symfony/http-client
(Composer)
Jun 15, 2026
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
High
CVE-2026-54090
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jun 12, 2026
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
Critical
CVE-2026-47392
was published
for
PraisonAI
(pip)
May 29, 2026
Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes
High
CVE-2026-45741
was published
for
github.com/gotenberg/gotenberg/v8
(Go)
May 29, 2026
Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
Low
CVE-2026-45753
was published
for
symfony/html-sanitizer
(Composer)
May 28, 2026
Flowise has an MCP Security Bypass that Enables RCE
High
GHSA-m99r-2hxc-cp3q
was published
for
flowise
(npm)
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API