GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
npm PraisonAI codeMode sandbox escape via Function constructor
Critical
GHSA-vmmj-pfw7-fjwp
was published
for
praisonai
(npm)
Jun 18, 2026
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
Critical
CVE-2026-47140
was published
for
vm2
(npm)
May 29, 2026
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Critical
CVE-2026-44007
was published
for
vm2
(npm)
May 7, 2026
VM2 Has a Sandbox Escape Issue via SuppressedError
Critical
CVE-2026-26332
was published
for
vm2
(npm)
May 5, 2026
VM2 Has Sandbox Breakout Through Inspect Function
Critical
CVE-2026-24781
was published
for
vm2
(npm)
May 5, 2026
VM2 Has Sandbox Breakout Through Promise Species
Critical
CVE-2026-24120
was published
for
vm2
(npm)
May 5, 2026
VM2 Sandbox Breakout Through __lookupGetter__
Critical
CVE-2026-24118
was published
for
vm2
(npm)
May 4, 2026
SandboxJS: Sandbox integrity escape
Critical
CVE-2026-34208
was published
for
@nyariv/sandboxjs
(npm)
Apr 3, 2026
n8n Merge Node has Arbitrary File Write leading to RCE
Critical
CVE-2026-25056
was published
for
n8n
(npm)
Feb 4, 2026
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical
CVE-2026-23830
was published
for
@nyariv/sandboxjs
(npm)
Jan 27, 2026
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Critical
CVE-2025-68668
was published
for
n8n
(npm)
Dec 26, 2025
isolated-vm has vulnerable CachedDataOptions in API
Critical
CVE-2022-39266
was published
for
isolated-vm
(npm)
Sep 30, 2022
ProTip!
Advisories are also available from the
GraphQL API