GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
17 advisories
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
High
CVE-2026-40158
was published
for
PraisonAI
(pip)
Apr 10, 2026
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
High
CVE-2026-34444
was published
for
lupa
(pip)
Apr 7, 2026
vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out
High
CVE-2026-27893
was published
for
vllm
(pip)
Mar 27, 2026
OpenClaw has Inconsistent Host Exec Environment Override Sanitization
High
CVE-2026-35650
was published
for
openclaw
(npm)
Mar 26, 2026
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
High
CVE-2026-28500
was published
for
onnx
(pip)
Mar 16, 2026
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked
High
GHSA-wccx-j62j-r448
was published
for
fickling
(pip)
Mar 4, 2026
pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"
High
CVE-2025-69264
was published
for
pnpm
(npm)
Jan 7, 2026
Picklescan Bypasses Unsafe Globals Check using pty.spawn
High
GHSA-hgrh-qx5j-jfwx
was published
for
picklescan
(pip)
Dec 29, 2025
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Remote Code Execution in Custom Integration Upload
High
CVE-2023-41319
was published
for
ethyca-fides
(pip)
Sep 7, 2023
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox Bypass in Script Security Plugin
High
CVE-2019-1003005
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API