GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 91; GitHub Actions 54; Go 4,194; Maven 5,000+; npm 5,000+; NuGet 1,021; pip 5,000+; Pub 13; RubyGems 1,102; Rust 1,422; Swift 61.
Unreviewed advisories: 5,000+.

591 advisories in the current listing, newest first:
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when...
    High, Unreviewed, CVE-2025-71352, published Jul 1, 2026

Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
    Moderate, CVE-2026-48808, twig/twig (Composer), published Jun 30, 2026

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
    Moderate, CVE-2026-48807, twig/twig (Composer), published Jun 30, 2026

Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
    Moderate, CVE-2026-48806, twig/twig (Composer), published Jun 30, 2026

Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
    Low, CVE-2026-48805, twig/twig (Composer), published Jun 30, 2026

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
    Critical, CVE-2026-50564, github.com/fission/fission (Go), published Jun 30, 2026

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
    Critical, CVE-2026-50545, github.com/fission/fission (Go), published Jun 30, 2026

OpenAM Authenticated RCE via Groovy Sandbox Escape
    High, CVE-2026-47424, org.openidentityplatform.openam:openam-scripting (Maven), published Jun 29, 2026

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation...
    High, Unreviewed, CVE-2026-13601, published Jun 29, 2026

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted...
    Moderate, Unreviewed, CVE-2026-58052, published Jun 28, 2026

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
    High, CVE-2026-55487, pnpm (npm), published Jun 26, 2026

nono-py has proxy-only network fallback bypass on older Linux kernels
    Moderate, GHSA-72w7-mf9g-733p, nono-py (pip), published Jun 26, 2026

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly...
    Low, Unreviewed, CVE-2026-3472, published Jun 26, 2026

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit...
    High, Unreviewed, CVE-2026-57280, published Jun 24, 2026

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
    Moderate, CVE-2026-54762, github.com/traefik/traefik/v3 (Go), published Jun 19, 2026

OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
    High, CVE-2026-53853, openclaw (npm), published Jun 18, 2026

OpenClaw: Skill-command dispatch could skip before-tool-call hooks
    Low, CVE-2026-53845, openclaw (npm), published Jun 18, 2026

PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
    High, GHSA-6jcq-6546-qrrw, praisonai (pip), published Jun 18, 2026

npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
    High, GHSA-5jv7-2mjm-h6qj, praisonai (npm), published Jun 18, 2026

npm PraisonAI AgentLoop onToolCall approval runs after tool execution
    High, GHSA-h2w2-v7j6-xqm4, praisonai (npm), published Jun 18, 2026

npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
    High, GHSA-vjv9-7m7j-h833, praisonai (npm), published Jun 18, 2026

npm PraisonAI codeMode sandbox escape via Function constructor
    Critical, GHSA-vmmj-pfw7-fjwp, praisonai (npm), published Jun 18, 2026

npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients
    High, GHSA-gqmf-56h7-rrpf, praisonai (npm), published Jun 18, 2026

PraisonAI: execute_code sandbox bypass: str.format C-level attribute access reads every blocklisted dunder
    Moderate, GHSA-pv2j-rghr-v5r9, praisonaiagents (pip), published Jun 18, 2026

PraisonAI recipe.run_stream skips dangerous-tool policy enforcement
    High, GHSA-v847-hxxw-3pxg, praisonai (pip), published Jun 18, 2026
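Several entries above (the two PraisonAI "allowlist bypass via shell chaining" advisories and, in spirit, the OpenClaw exec-allowlist entry) name the same bug class: a command allowlist that inspects only the first word of a string which is then handed to a shell. The block below is an added, generic illustration of that class and its fix, written for this page; it is not code from PraisonAI, OpenClaw or any other listed project, and `ALLOWED`, `SHELL_META`, the two checkers and the sample commands are all constructed here for illustration.

```python
"""Added example, not from any project listed above: the "allowed-commands
bypass via shell chaining" class in generic form. ALLOWED, SHELL_META, the
checkers and the sample commands are constructed for illustration."""
import shlex
import subprocess

ALLOWED = {"ls", "cat", "echo"}

# Characters that make a string mean more than one command when a shell
# interprets it: separators, pipes, substitution, redirection, grouping.
SHELL_META = set(";&|`$(){}<>\n")


def naive_is_allowed(command: str) -> bool:
    """Vulnerable pattern: inspect the first word only. If the caller then runs
    the whole string with shell=True, everything after that word is the
    attacker's to write ("ls; id" passes as "ls")."""
    words = command.strip().split()
    return bool(words) and words[0] in ALLOWED


def hardened_is_allowed(command: str) -> bool:
    """Reject any shell metacharacter outright, parse the rest with shlex, and
    allow only when argv[0] is an exact allowlisted name (so "/bin/ls" is
    refused too). This also refuses quoted legitimate input such as
    echo "a;b"; that is the safe direction to be wrong in."""
    if any(ch in SHELL_META for ch in command):
        return False
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return False
    return bool(argv) and argv[0] in ALLOWED


def run_allowed(command: str) -> str:
    """Execute only through the hardened check and never via a shell, so the
    argv boundary decided above is the one the kernel actually sees."""
    if not hardened_is_allowed(command):
        raise PermissionError(f"rejected: {command!r}")
    argv = shlex.split(command)
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True, check=True)
    return proc.stdout


# Constructed samples: one benign command beside typical chaining payloads.
SAMPLES = [
    "ls -l",
    "ls -l; id",
    "echo hi && cat /etc/passwd",
    "echo $(id)",
    "cat /etc/hostname | base64",
]


def compare(samples=SAMPLES):
    """Map each sample to (naive verdict, hardened verdict)."""
    return {s: (naive_is_allowed(s), hardened_is_allowed(s)) for s in samples}


if __name__ == "__main__":
    for sample, (naive, hardened) in compare().items():
        print(f"{sample!r:32} naive={naive!s:5} hardened={hardened}")
    print(run_allowed("echo hi"), end="")
```

The point to take from the comparison is that a first-word check is not an allowlist at all once `shell=True` (or its equivalent) is in the execution path; the fix is the pair of changes together, rejecting metacharacters before parsing and executing argv directly without a shell.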
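A second recurring class in the list is enforcement that exists but is not on every path or not at the right moment: "onToolCall approval runs after tool execution", "recipe.run_stream skips dangerous-tool policy enforcement", "Skill-command dispatch could skip before-tool-call hooks", and the Traefik entry where a failed auth-secret lookup fails open. The block below is an added illustration of the design that avoids all three, written for this page and not taken from PraisonAI, OpenClaw or Traefik: `ToolRunner`, `PolicyError`, `default_policy`, the `DANGEROUS` set and the sample tools are invented here. Every entry point funnels into one `_dispatch`, the approval hook runs before the tool, and a policy that cannot be evaluated is a deny.

```python
"""Added illustration of the enforcement-ordering and fail-open classes named
above; not code from any listed project. ToolRunner, PolicyError,
default_policy, DANGEROUS and the sample tools are invented here."""
from typing import Callable, Dict, Iterator, List, Tuple


class PolicyError(Exception):
    """Raised when a tool call is refused; callers must not treat it as a result."""


# Constructed policy: these tool names are denied by default.
DANGEROUS = {"shell", "delete_file"}


def default_policy(tool_name: str) -> bool:
    return tool_name not in DANGEROUS


class ToolRunner:
    def __init__(self, tools: Dict[str, Callable[..., str]],
                 policy: Callable[[str], bool],
                 on_tool_call: Callable[[str, dict], bool]) -> None:
        self.tools = tools
        self.policy = policy                # may raise if policy cannot be resolved
        self.on_tool_call = on_tool_call    # approval hook; returning False vetoes
        self.audit: List[Tuple[str, str, str]] = []

    def _dispatch(self, name: str, args: dict) -> str:
        """Single choke point: every entry point that can execute a tool goes
        through here, so no code path (streaming included) can skip the checks."""
        try:
            allowed = self.policy(name)
        except Exception as exc:
            # Fail closed: a policy that cannot be evaluated is a deny,
            # never an implicit allow.
            self.audit.append(("deny", name, "policy-unavailable"))
            raise PolicyError(f"policy unavailable for {name}: {exc}") from exc
        if not allowed:
            self.audit.append(("deny", name, "policy"))
            raise PolicyError(f"{name} denied by policy")
        # The approval hook runs before the tool, and its veto is honoured.
        if not self.on_tool_call(name, args):
            self.audit.append(("deny", name, "approval"))
            raise PolicyError(f"{name} vetoed by approval hook")
        self.audit.append(("run", name, ""))
        return self.tools[name](**args)

    def run(self, name: str, args: dict) -> str:
        return self._dispatch(name, args)

    def run_stream(self, name: str, args: dict) -> Iterator[str]:
        # Deliberately not a generator function: the checks and the refusal
        # happen at the call site, not on the first next(), and the streaming
        # path cannot drift away from the blocking path's enforcement.
        result = self._dispatch(name, args)
        return iter(result.splitlines(keepends=True))


def demo() -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Constructed tools and an approval hook that record the order in which
    approval and execution happen; returns (audit log, event order)."""
    events: List[str] = []

    def echo(text: str) -> str:
        events.append("tool:echo")
        return text

    def shell(cmd: str) -> str:
        events.append("tool:shell")
        return "ran " + cmd

    def approve(name: str, args: dict) -> bool:
        events.append(f"approve:{name}")
        return True

    runner = ToolRunner({"echo": echo, "shell": shell}, default_policy, approve)
    runner.run("echo", {"text": "hi"})
    for attempt in (lambda: runner.run("shell", {"cmd": "id"}),
                    lambda: runner.run_stream("shell", {"cmd": "id"})):
        try:
            attempt()
        except PolicyError:
            pass
    return runner.audit, events


if __name__ == "__main__":
    audit, events = demo()
    print("audit :", audit)
    print("events:", events)
```

Reading the event order from `demo()` is the whole check: the approval event precedes the tool event for the permitted call, and the denied tool never appears in the events at all, on either the blocking or the streaming path.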