Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
sondt99 Credited to sondt99
Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory Moderate
GHSA-jvcm-f35g-w78p was published for network-ai (npm) Jun 19, 2026
sondt99 Credited to sondt99
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()` Moderate
CVE-2026-48125 was published for ua-parser-js (npm) Jun 15, 2026
sondt99 Credited to sondt99
protobufjs: Memory amplification from preserved unknown fields in binary decode Moderate
CVE-2026-54270 was published for protobufjs (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dcodeIO dcodeIO dcodeIO
Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection Moderate
GHSA-268h-hp4c-crq3 was published for nodemailer (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization Moderate
GHSA-wqvq-jvpq-h66f was published for nodemailer (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
ProTip! Advisories are also available from the GraphQL API