Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

87 advisories

Loading
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape Critical
CVE-2026-50564 was published for github.com/fission/fission (Go) Jun 30, 2026
0xVijay Credited to 0xVijay and sanketsudake sanketsudake sanketsudake
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover Critical
CVE-2026-50545 was published for github.com/fission/fission (Go) Jun 30, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
npm PraisonAI codeMode sandbox escape via Function constructor Critical
GHSA-vmmj-pfw7-fjwp was published for praisonai (npm) Jun 18, 2026
rexpository Credited to rexpository
q1uf3ng Credited to q1uf3ng
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution Critical
CVE-2026-47140 was published for vm2 (npm) May 29, 2026
spbavarva Credited to spbavarva and VladimirEliTokarev VladimirEliTokarev VladimirEliTokarev
Formie: Pre-authenticated server-side template injection in Hidden fields Critical
CVE-2026-45697 was published for verbb/formie (Composer) May 18, 2026
pwnsauc3 Credited to pwnsauc3
akshatgit Credited to akshatgit
VM2 Has a WASM Sandbox Escape Critical
CVE-2026-26956 was published for vm2 (npm) May 5, 2026
0x5t Credited to 0x5t and Wenxin-Jiang Wenxin-Jiang Wenxin-Jiang
VM2 Has a Sandbox Escape Issue via SuppressedError Critical
CVE-2026-26332 was published for vm2 (npm) May 5, 2026
ProTip! Advisories are also available from the GraphQL API