GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
82 advisories
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
Critical
CVE-2026-34156
was published
for
@nocobase/plugin-workflow-javascript
(npm)
Mar 30, 2026
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Critical
CVE-2026-33286
was published
for
graphiti
(RubyGems)
Mar 20, 2026
n8n Has Expression Escape Vulnerability Leading to RCE
Critical
CVE-2026-25049
was published
for
n8n
(npm)
Feb 4, 2026
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical
CVE-2026-23830
was published
for
@nyariv/sandboxjs
(npm)
Jan 27, 2026
Picklescan does not block ctypes
High
GHSA-4675-36f9-wf6r
was published
for
picklescan
(pip)
Dec 29, 2025
n8n Vulnerable to Remote Code Execution via Expression Injection
Critical
CVE-2025-68613
was published
for
n8n
(npm)
Dec 22, 2025
Rack has a Possible Information Disclosure Vulnerability
Moderate
CVE-2025-61780
was published
for
rack
(RubyGems)
Oct 10, 2025
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
High
CVE-2025-9905
was published
for
keras
(pip)
Sep 19, 2025
ProTip!
Advisories are also available from the
GraphQL API