GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,648 advisories
Filter by severity
AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)
High
GHSA-fq4x-789w-jg5h
was published
for
@agenticmail/claudecode
(npm)
Jun 18, 2026
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
High
GHSA-hjwc-26pj-v3pm
was published
for
@agenticmail/api
(npm)
Jun 18, 2026
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
High
CVE-2026-9697
was published
for
undici
(npm)
Jun 18, 2026
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
High
CVE-2026-9675
was published
for
undici
(npm)
Jun 18, 2026
Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
High
GHSA-p6gq-j5cr-w38f
was published
for
nodemailer
(npm)
Jun 18, 2026
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
High
GHSA-5jv7-2mjm-h6qj
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI AgentLoop onToolCall approval runs after tool execution
High
GHSA-h2w2-v7j6-xqm4
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
High
GHSA-vjv9-7m7j-h833
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients
High
GHSA-gqmf-56h7-rrpf
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
High
GHSA-4qq2-2j2x-x62c
was published
for
praisonai
(npm)
Jun 18, 2026
http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`
High
CVE-2026-55603
was published
for
http-proxy-middleware
(npm)
Jun 18, 2026
piscina: Prototype Pollution Gadget → RCE via inherited options.filename
High
CVE-2026-55388
was published
for
piscina
(npm)
Jun 18, 2026
OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
High
CVE-2026-53842
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Shell inline-command parsing could miss an allowlist check
High
CVE-2026-53866
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Pairing-scoped device session could restore revoked node token authority
High
CVE-2026-53843
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Host environment sanitizer missed two Node.js control variables
High
CVE-2026-53864
was published
for
openclaw
(npm)
Jun 18, 2026
Multer vulnerable to Denial of Service via deeply nested field names
High
CVE-2026-5079
was published
for
multer
(npm)
Jun 17, 2026
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
High
CVE-2026-53840
was published
for
openclaw
(npm)
Jun 17, 2026
Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts
High
CVE-2026-54328
was published
for
@earendil-works/pi-coding-agent
(npm)
Jun 17, 2026
n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
High
CVE-2026-54304
was published
for
n8n
(npm)
Jun 16, 2026
n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
High
CVE-2026-54309
was published
for
n8n
(npm)
Jun 16, 2026
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
High
CVE-2026-54305
was published
for
n8n
(npm)
Jun 16, 2026
n8n: Credential Exfiltration via Permission Bypass
High
CVE-2026-54307
was published
for
n8n
(npm)
Jun 16, 2026
n8n: Microsoft SQL Node Prototype Pollution
High
CVE-2026-54312
was published
for
n8n
(npm)
Jun 16, 2026
ProTip!
Advisories are also available from the
GraphQL API