Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse Critical
GHSA-5wr9-m6jw-xx44 was published for scriban (NuGet) Mar 24, 2026
Zwique Credited to Zwique
PickleScan has multiple stdlib modules with direct RCE not in blocklist Critical
GHSA-g38g-8gr9-h9xp was published for picklescan (pip) Mar 3, 2026
yash2998chhabria Credited to yash2998chhabria
PickleScan's pkgutil.resolve_name has a universal blocklist bypass Critical
GHSA-vvpj-8cmc-gx39 was published for picklescan (pip) Mar 3, 2026
yash2998chhabria Credited to yash2998chhabria
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148,... Critical Unreviewed
CVE-2026-2761 was published Feb 24, 2026
n8n has a Python sandbox escape Critical
CVE-2026-25115 was published for n8n (npm) Feb 4, 2026
MarcoPoloPie Credited to MarcoPoloPie and c0rydoras c0rydoras c0rydoras
n8n Merge Node has Arbitrary File Write leading to RCE Critical
CVE-2026-25056 was published for n8n (npm) Feb 4, 2026
nlgbao1340 Credited to nlgbao1340
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor Critical
CVE-2026-23830 was published for @nyariv/sandboxjs (npm) Jan 27, 2026
nyxsorcerer Credited to nyxsorcerer
vm2 has a Sandbox Escape Critical
CVE-2026-22709 was published for vm2 (npm) Jan 26, 2026
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node Critical
CVE-2025-68668 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu Credited to berkdedekarginoglu, VladimirEliTokarev, Ofekitach, and nnfrog VladimirEliTokarev VladimirEliTokarev
Ofekitach Ofekitach nnfrog nnfrog
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves... Critical Unreviewed
CVE-2025-65319 was published Dec 16, 2025
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents... Critical Unreviewed
CVE-2025-65318 was published Dec 16, 2025
In multiple locations, there is a possible way to launch an application from the background due... Critical Unreviewed
CVE-2025-48626 was published Dec 8, 2025
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
GHSA-hf6h-9wq7-hmjg was published for picklescan (pip) Sep 17, 2025 withdrawn
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
CVE-2025-10157 was published for picklescan (pip) Sep 10, 2025
davcohen Credited to davcohen
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control... Critical Unreviewed
CVE-2025-59033 was published Sep 8, 2025
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure... Critical Unreviewed
CVE-2025-43728 was published Aug 27, 2025
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the... Critical Unreviewed
CVE-2025-54143 was published Aug 19, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6,... Critical Unreviewed
CVE-2025-43261 was published Jul 30, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in... Critical Unreviewed
CVE-2025-43273 was published Jul 30, 2025
An attacker was able to bypass the `connect-src` directive of a Content Security Policy by... Critical Unreviewed
CVE-2025-6427 was published Jun 26, 2025
Spring Security authorization bypass for method security annotations on private methods Critical
CVE-2025-41232 was published for org.springframework.security:spring-security-aspects (Maven) May 21, 2025
tomabai Credited to tomabai
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27665 was published Mar 5, 2025
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when... Critical Unreviewed
CVE-2024-25091 was published Mar 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database