Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
npm PraisonAI codeMode sandbox escape via Function constructor Critical
GHSA-vmmj-pfw7-fjwp was published for praisonai (npm) Jun 18, 2026
rexpository Credited to rexpository
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution Critical
CVE-2026-47140 was published for vm2 (npm) May 29, 2026
spbavarva Credited to spbavarva and VladimirEliTokarev VladimirEliTokarev VladimirEliTokarev
akshatgit Credited to akshatgit
VM2 Has a WASM Sandbox Escape Critical
CVE-2026-26956 was published for vm2 (npm) May 5, 2026
0x5t Credited to 0x5t and Wenxin-Jiang Wenxin-Jiang Wenxin-Jiang
VM2 Has a Sandbox Escape Issue via SuppressedError Critical
CVE-2026-26332 was published for vm2 (npm) May 5, 2026
VM2 Has Sandbox Breakout Through Inspect Function Critical
CVE-2026-24781 was published for vm2 (npm) May 5, 2026
XmiliaH Credited to XmiliaH
VM2 Has Sandbox Breakout Through Promise Species Critical
CVE-2026-24120 was published for vm2 (npm) May 5, 2026
XmiliaH Credited to XmiliaH
VM2 Sandbox Breakout Through __lookupGetter__ Critical
CVE-2026-24118 was published for vm2 (npm) May 4, 2026
XmiliaH Credited to XmiliaH
SandboxJS: Sandbox integrity escape Critical
CVE-2026-34208 was published for @nyariv/sandboxjs (npm) Apr 3, 2026
fancymalware Credited to fancymalware
n8n has a Python sandbox escape Critical
CVE-2026-25115 was published for n8n (npm) Feb 4, 2026
MarcoPoloPie Credited to MarcoPoloPie and c0rydoras c0rydoras c0rydoras
n8n Merge Node has Arbitrary File Write leading to RCE Critical
CVE-2026-25056 was published for n8n (npm) Feb 4, 2026
nlgbao1340 Credited to nlgbao1340
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor Critical
CVE-2026-23830 was published for @nyariv/sandboxjs (npm) Jan 27, 2026
nyxsorcerer Credited to nyxsorcerer
vm2 has a Sandbox Escape Critical
CVE-2026-22709 was published for vm2 (npm) Jan 26, 2026
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node Critical
CVE-2025-68668 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu Credited to berkdedekarginoglu, VladimirEliTokarev, Ofekitach, and nnfrog VladimirEliTokarev VladimirEliTokarev
Ofekitach Ofekitach nnfrog nnfrog
isolated-vm has vulnerable CachedDataOptions in API Critical
CVE-2022-39266 was published for isolated-vm (npm) Sep 30, 2022
hedgehog80 Credited to hedgehog80
ProTip! Advisories are also available from the GraphQL API