GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
72 advisories
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
Critical
CVE-2026-47392
was published
for
PraisonAI
(pip)
May 29, 2026
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
Critical
CVE-2026-47140
was published
for
vm2
(npm)
May 29, 2026
Formie: Pre-authenticated server-side template injection in Hidden fields
Critical
CVE-2026-45697
was published
for
verbb/formie
(Composer)
May 18, 2026
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Critical
CVE-2026-44007
was published
for
vm2
(npm)
May 7, 2026
VM2 Has Sandbox Breakout Through Inspect Function
Critical
CVE-2026-24781
was published
for
vm2
(npm)
May 5, 2026
VM2 Has Sandbox Breakout Through Promise Species
Critical
CVE-2026-24120
was published
for
vm2
(npm)
May 5, 2026
VM2 Sandbox Breakout Through __lookupGetter__
Critical
CVE-2026-24118
was published
for
vm2
(npm)
May 4, 2026
PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
Critical
CVE-2026-39888
was published
for
praisonaiagents
(pip)
Apr 8, 2026
SandboxJS: Sandbox integrity escape
Critical
CVE-2026-34208
was published
for
@nyariv/sandboxjs
(npm)
Apr 3, 2026
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Critical
CVE-2026-34938
was published
for
praisonaiagents
(pip)
Apr 1, 2026
Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse
Critical
GHSA-5wr9-m6jw-xx44
was published
for
scriban
(NuGet)
Mar 24, 2026
PickleScan has multiple stdlib modules with direct RCE not in blocklist
Critical
GHSA-g38g-8gr9-h9xp
was published
for
picklescan
(pip)
Mar 3, 2026
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Critical
GHSA-vvpj-8cmc-gx39
was published
for
picklescan
(pip)
Mar 3, 2026
n8n Merge Node has Arbitrary File Write leading to RCE
Critical
CVE-2026-25056
was published
for
n8n
(npm)
Feb 4, 2026
ProTip!
Advisories are also available from the
GraphQL API