Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
sondt99 Credited to sondt99
Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory Moderate
GHSA-jvcm-f35g-w78p was published for network-ai (npm) Jun 19, 2026
sondt99 Credited to sondt99
Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning High
GHSA-2fmp-9rvw-hc96 was published for network-ai (npm) Jun 19, 2026
sondt99 Credited to sondt99
kulesy Credited to kulesy, sondt99, and dungNHVhust sondt99 sondt99
dungNHVhust dungNHVhust
sondt99 Credited to sondt99
PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool Critical
GHSA-p69m-4f92-2v84 was published for praisonai (npm) Jun 18, 2026
sondt99 Credited to sondt99
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()` Moderate
CVE-2026-48125 was published for ua-parser-js (npm) Jun 15, 2026
sondt99 Credited to sondt99
protobufjs: Memory amplification from preserved unknown fields in binary decode Moderate
CVE-2026-54270 was published for protobufjs (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dcodeIO dcodeIO dcodeIO
Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection Moderate
GHSA-268h-hp4c-crq3 was published for nodemailer (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization Moderate
GHSA-wqvq-jvpq-h66f was published for nodemailer (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes Critical
CVE-2026-46339 was published for 9router (npm) May 19, 2026
sondt99 Credited to sondt99
ProTip! Advisories are also available from the GraphQL API