
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape (Critical)
CVE-2026-46442 was published for flowise (npm) May 14, 2026
Credited to ESPanda666
Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) (Moderate)
CVE-2026-43995 was published for flowise (npm) Apr 16, 2026
Credited to ESPanda666
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) (High)
CVE-2026-41272 was published for flowise (npm) Apr 16, 2026
Credited to ESPanda666 and JLLeitschuh
OpenHands is Vulnerable to Command Injection through its Git Diff Handler (High)
CVE-2026-33718 was published for openhands (pip) Mar 25, 2026
Credited to yueyueL and ESPanda666