GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,523 advisories
Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
Critical
GHSA-cr3w-cw5w-h3fj
was published
for
@saltcorn/server
(npm)
Jan 26, 2026
pnpm has Path Traversal via arbitrary file permission modification
Moderate
CVE-2026-24131
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Moderate
CVE-2026-23888
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm has Windows-specific tarball Path Traversal
Moderate
CVE-2026-23889
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin
Moderate
CVE-2026-23890
was published
for
pnpm
(npm)
Jan 26, 2026
pnpm has symlink traversal in file:/git dependencies
Moderate
CVE-2026-24056
was published
for
pnpm
(npm)
Jan 26, 2026
Orval Mock Generation Code Injection via const
High
CVE-2026-24132
was published
for
@orval/mock
(npm)
Jan 22, 2026
Seroval affected by Denial of Service via Deeply Nested Objects
High
CVE-2026-24006
was published
for
seroval
(npm)
Jan 22, 2026
Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass
High
CVE-2025-65098
was published
for
@typebot.io/js
(npm)
Jan 22, 2026
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Moderate
CVE-2025-13465
was published
for
lodash
(npm)
Jan 21, 2026
Wrangler affected by OS Command Injection in `wrangler pages deploy`
High
CVE-2026-0933
was published
for
wrangler
(npm)
Jan 21, 2026
Seroval affected by Denial of Service via Array serialization
High
CVE-2026-23957
was published
for
seroval
(npm)
Jan 21, 2026
seroval affected by Denial of Service via RegExp serialization
High
CVE-2026-23956
was published
for
seroval
(npm)
Jan 21, 2026
@envelop/graphql-modules has a Race Condition vulnerability
High
GHSA-h3hw-29fv-2x75
was published
for
@envelop/graphql-modules
(npm)
Jan 21, 2026
sm-crypto Affected by Signature Forgery in SM2-DSA
High
CVE-2026-23965
was published
for
sm-crypto
(npm)
Jan 21, 2026
sm-crypto Affected by Signature Malleability in SM2-DSA
High
CVE-2026-23967
was published
for
sm-crypto
(npm)
Jan 21, 2026
sm-crypto Affected by Private Key Recovery in SM2-PKE
Critical
CVE-2026-23966
was published
for
sm-crypto
(npm)
Jan 21, 2026
seroval Affected by Remote Code Execution via JSON Deserialization
High
CVE-2026-23737
was published
for
seroval
(npm)
Jan 21, 2026
seroval Affected by Prototype Pollution via JSON Deserialization
High
CVE-2026-23736
was published
for
seroval
(npm)
Jan 21, 2026
ProTip!
Advisories are also available from the
GraphQL API