GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Prototype Pollution in config-handler
Critical
CVE-2021-23448
was published
for
config-handler
(npm)
Oct 12, 2021
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Critical
CVE-2022-36067
was published
for
vm2
(npm)
Sep 28, 2022
toui allows user-specific variables to be shared between users
Critical
CVE-2023-33175
was published
for
toui
(pip)
May 24, 2023
TorchServe Pre-Auth Remote Code Execution
Critical
GHSA-4mqg-h5jf-j9m7
was published
for
torchserve
(pip)
Oct 2, 2023
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
n8n Vulnerable to Remote Code Execution via Expression Injection
Critical
CVE-2025-68613
was published
for
n8n
(npm)
Dec 22, 2025
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Critical
CVE-2025-66398
was published
for
signalk-server
(npm)
Jan 2, 2026
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical
CVE-2026-23830
was published
for
@nyariv/sandboxjs
(npm)
Jan 27, 2026
n8n Has Expression Escape Vulnerability Leading to RCE
Critical
CVE-2026-25049
was published
for
n8n
(npm)
Feb 4, 2026
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Critical
CVE-2026-33286
was published
for
graphiti
(RubyGems)
Mar 20, 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
Critical
CVE-2026-34156
was published
for
@nocobase/plugin-workflow-javascript
(npm)
Mar 30, 2026
PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
Critical
CVE-2026-44336
was published
for
PraisonAI
(pip)
May 11, 2026
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
Critical
CVE-2026-47208
was published
for
vm2
(npm)
May 29, 2026
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
Critical
CVE-2026-47137
was published
for
vm2
(npm)
May 29, 2026
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
Critical
CVE-2026-47210
was published
for
vm2
(npm)
May 29, 2026
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
Critical
CVE-2026-53753
was published
for
crawl4ai
(pip)
Jun 16, 2026
ProTip!
Advisories are also available from the
GraphQL API