Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,034
Maven
5,000+
npm
4,769
NuGet
824
pip
4,375
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

4,769 advisories

Loading
dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform() Moderate
CVE-2026-27837 was published for dottie (npm) Feb 26, 2026
76embiid21
Credited to 76embiid21
n8n: Webhook Forgery on Github Webhook Trigger Moderate
GHSA-mqpr-49jj-32rc was published for n8n (npm) Feb 26, 2026
simonkoeck
Credited to simonkoeck
n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes Moderate
GHSA-f3f2-mcxc-pwjx was published for n8n (npm) Feb 26, 2026
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist High
CVE-2026-27818 was published for terriajs-server (npm) Feb 26, 2026
Storybook Dev Server is Vulnerable to WebSocket Hijacking High
CVE-2026-27148 was published for storybook (npm) Feb 26, 2026
Aikido-Security reindaelman
grumpinout1 JorianWoltjer
Credited to Aikido-Security, reindaelman, grumpinout1, and JorianWoltjer
Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter Critical
CVE-2026-27804 was published for parse-server (npm) Feb 25, 2026
sebastianosrt mtrezza
Credited to sebastianosrt and mtrezza
LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader Moderate
CVE-2026-27795 was published for @langchain/community (npm) Feb 25, 2026
r3dbrothers hntrl
Credited to r3dbrothers and hntrl
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline Critical
CVE-2026-27739 was published for @angular/ssr (npm) Feb 25, 2026
Yenya030 alan-agius4
securityMB AndrewKushnir josephperrott dgp1130
Credited to Yenya030, alan-agius4, securityMB, AndrewKushnir, josephperrott, and dgp1130
Angular SSR has an Open Redirect via X-Forwarded-Prefix Moderate
CVE-2026-27738 was published for @angular/ssr (npm) Feb 25, 2026
alan-agius4 josephperrott
securityMB AndrewKushnir dgp1130 VenkatKwest
Credited to alan-agius4, josephperrott, securityMB, AndrewKushnir, dgp1130, and VenkatKwest
Rollup 4 has Arbitrary File Write via Path Traversal High
CVE-2026-27606 was published for rollup (npm) Feb 25, 2026
viralvaghela
Credited to viralvaghela
Basic FTP has Path Traversal Vulnerability in its downloadToDir() method Critical
CVE-2026-27699 was published for basic-ftp (npm) Feb 25, 2026
thecasual
Credited to thecasual
Astro has memory exhaustion DoS due to missing request body size limit in Server Actions Moderate
CVE-2026-27729 was published for @astrojs/node (npm) Feb 25, 2026
pHo9UBenaA
Credited to pHo9UBenaA
n8n Vulnerable to Stored XSS via Various Nodes High
CVE-2026-27578 was published for n8n (npm) Feb 25, 2026
ori-ron Aikido-Security
nil340
Credited to ori-ron, Aikido-Security, and nil340
n8n: Expression Sandbox Escape Leads to RCE Critical
CVE-2026-27577 was published for n8n (npm) Feb 25, 2026
eilonc-pillar nil340
ediklab hackerman70000 zolbooo
Credited to eilonc-pillar, nil340, ediklab, hackerman70000, and zolbooo
n8n has Arbitrary Command Execution via File Write and Git Operations Critical
CVE-2026-27498 was published for n8n (npm) Feb 25, 2026
fatihhcelik
Credited to fatihhcelik
n8n has Potential Remote Code Execution via Merge Node Critical
CVE-2026-27497 was published for n8n (npm) Feb 25, 2026
allsmog nil340
Credited to allsmog and nil340
n8n has a Sandbox Escape in its JavaScript Task Runner Critical
CVE-2026-27495 was published for n8n (npm) Feb 25, 2026
c0rydoras
Credited to c0rydoras
n8n has Arbitrary File Read via Python Code Node Sandbox Escape High
CVE-2026-27494 was published for n8n (npm) Feb 25, 2026
MarcoPoloPie Nico-Posada
Credited to MarcoPoloPie and Nico-Posada
n8n has Unauthenticated Expression Evaluation via Form Node Critical
CVE-2026-27493 was published for n8n (npm) Feb 25, 2026
eilonc-pillar
Credited to eilonc-pillar
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions High
CVE-2026-27610 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza
Credited to mtrezza
Parse Dashboard is Missing CSRF Protection for its Agent Endpoint High
CVE-2026-27609 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza
Credited to mtrezza
Parse Dashboard is Missing Authorization for its Agent Endpoint Critical
CVE-2026-27608 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza ByamB4
Credited to mtrezza and ByamB4
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) Critical
CVE-2026-27702 was published for budibase (npm) Feb 25, 2026
vicevirus
Credited to vicevirus
Parse Dashboard has incomplete authentication on AI Agent endpoint Critical
CVE-2026-27595 was published for parse-dashboard (npm) Feb 25, 2026
ByamB4 mtrezza
Credited to ByamB4 and mtrezza
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation Low
CVE-2026-22866 was published for @ensdomains/ens-contracts (npm) Feb 25, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database