GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-14151
was published
Jul 1, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-14120
was published
Jul 1, 2026
Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed...
Critical
Unreviewed
CVE-2026-14101
was published
Jul 1, 2026
Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a...
Critical
Unreviewed
CVE-2026-14095
was published
Jul 1, 2026
Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47...
Critical
Unreviewed
CVE-2026-14097
was published
Jul 1, 2026
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-14037
was published
Jul 1, 2026
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a...
Critical
Unreviewed
CVE-2026-14017
was published
Jul 1, 2026
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a...
Critical
Unreviewed
CVE-2026-13909
was published
Jul 1, 2026
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-13859
was published
Jul 1, 2026
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Critical
CVE-2026-50564
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
Critical
CVE-2026-50545
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
npm PraisonAI codeMode sandbox escape via Function constructor
Critical
GHSA-vmmj-pfw7-fjwp
was published
for
praisonai
(npm)
Jun 18, 2026
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and...
Critical
Unreviewed
CVE-2026-12315
was published
Jun 16, 2026
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152.
Critical
Unreviewed
CVE-2026-12316
was published
Jun 16, 2026
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in...
Critical
Unreviewed
CVE-2026-12296
was published
Jun 16, 2026
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152,...
Critical
Unreviewed
CVE-2026-12295
was published
Jun 16, 2026
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152,...
Critical
Unreviewed
CVE-2026-12294
was published
Jun 16, 2026
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53...
Critical
Unreviewed
CVE-2026-11282
was published
Jun 5, 2026
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
Critical
CVE-2026-47392
was published
for
PraisonAI
(pip)
May 29, 2026
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
Critical
CVE-2026-47140
was published
for
vm2
(npm)
May 29, 2026
Formie: Pre-authenticated server-side template injection in Hidden fields
Critical
CVE-2026-45697
was published
for
verbb/formie
(Composer)
May 18, 2026
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Critical
Unreviewed
CVE-2026-8401
was published
May 12, 2026
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Critical
CVE-2026-44007
was published
for
vm2
(npm)
May 7, 2026
VM2 Has a Sandbox Escape Issue via SuppressedError
Critical
CVE-2026-26332
was published
for
vm2
(npm)
May 5, 2026
ProTip!
Advisories are also available from the
GraphQL API