GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
1,094 advisories
set-in Affected by Prototype Pollution
Critical | CVE-2026-26021 was published for set-in (npm) | Feb 11, 2026

CASL Ability is Vulnerable to Prototype Pollution
Critical | CVE-2026-1774 was published for @casl/ability (npm) | Feb 10, 2026

FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Critical | CVE-2026-25938 was published for fuxa-server (npm) | Feb 10, 2026

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
Critical | CVE-2026-25895 was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Remote Arbitrary Scheduler Write
Critical | CVE-2026-25939 was published for fuxa-server (npm) | Feb 10, 2026

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical | CVE-2026-25894 was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical | CVE-2026-25893 was published for fuxa-server (npm) | Feb 5, 2026

@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
Critical | CVE-2026-25881 was published for @nyariv/sandboxjs (npm) | Feb 10, 2026

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Critical | CVE-2026-25544 was published for @payloadcms/drizzle (npm) | Feb 5, 2026

@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
Critical | CVE-2026-25641 was published for @nyariv/sandboxjs (npm) | Feb 5, 2026

@nyariv/sandboxjs has a Sandbox Escape vulnerability
Critical | CVE-2026-25587 was published for @nyariv/sandboxjs (npm) | Feb 5, 2026

@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
Critical | CVE-2026-25586 was published for @nyariv/sandboxjs (npm) | Feb 5, 2026

FUXA Unauthenticated Remote Arbitrary Device Tag Write
Critical | CVE-2026-25752 was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Exposure of Plaintext Database Credentials
Critical | CVE-2026-25751 was published for fuxa-server (npm) | Feb 5, 2026

@nyariv/sandboxjs has a Sandbox Escape issue
Critical | CVE-2026-25520 was published for @nyariv/sandboxjs (npm) | Feb 5, 2026

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability
Critical | CVE-2026-25630 was published for survey-pdf (npm) | Feb 4, 2026

@react-native-community/cli has arbitrary OS command injection
Critical | CVE-2025-11953 was published for @react-native-community/cli (npm) | Nov 3, 2025

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Critical | CVE-2026-23733 was published for @lobehub/chat (npm) | Jan 20, 2026

locutus is vulnerable to Prototype Pollution
Critical | CVE-2026-25521 was published for locutus (npm) | Feb 2, 2026

n8n Has Expression Escape Vulnerability Leading to RCE
Critical | CVE-2026-25049 was published for n8n (npm) | Feb 4, 2026

n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
Critical | CVE-2026-25052 was published for n8n (npm) | Feb 4, 2026

n8n Vulnerable to Command Injection in Community Package Installation
Critical | CVE-2026-21893 was published for n8n (npm) | Feb 4, 2026

n8n Merge Node has Arbitrary File Write leading to RCE
Critical | CVE-2026-25056 was published for n8n (npm) | Feb 4, 2026

ProTip! Advisories are also available from the GraphQL API