GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
High
GHSA-6jcq-6546-qrrw
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
High
GHSA-jxcw-qp4h-6jfq
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
High
GHSA-7qw2-w5rc-37x2
was published
for
praisonai
(pip)
Jun 18, 2026
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
High
GHSA-5jv7-2mjm-h6qj
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI AgentLoop onToolCall approval runs after tool execution
High
GHSA-h2w2-v7j6-xqm4
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
Critical
GHSA-j4f3-55x4-r6q2
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
Critical
GHSA-9752-mhqh-h34f
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
High
GHSA-vjv9-7m7j-h833
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI codeMode sandbox escape via Function constructor
Critical
GHSA-vmmj-pfw7-fjwp
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients
High
GHSA-gqmf-56h7-rrpf
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
High
GHSA-4qq2-2j2x-x62c
was published
for
praisonai
(npm)
Jun 18, 2026
PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion
High
GHSA-f44v-7qgw-9gh9
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI Code agent tools fail open without a workspace boundary
High
GHSA-gcq3-mfvh-3x25
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
Critical
GHSA-892r-p3jq-jp24
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
Critical
GHSA-x8cv-xmq7-p8xp
was published
for
praisonaiagents
(pip)
Jun 18, 2026
PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding
High
GHSA-rjvw-7vvw-549v
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI: SpiderTools redirect-target SSRF protection bypass
Moderate
GHSA-6h9p-93hq-q7h6
was published
for
praisonaiagents
(pip)
Jun 18, 2026
PraisonAI: Compute-bridged file tools allow shell command injection
High
GHSA-w6h2-fr4q-xvxv
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI recipe.run_stream skips dangerous-tool policy enforcement
High
GHSA-v847-hxxw-3pxg
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI: HTTPApproval dashboard renders tool arguments as raw HTML, allowing approval-page XSS to approve dangerous tools
High
GHSA-63v4-w882-g4x2
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing
High
GHSA-fc26-m9pf-v56q
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage
High
GHSA-j7qx-p75m-wp7g
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI Slack app_mention bypasses configured user/channel authorization
High
GHSA-qvpf-j64c-jmhr
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI recipe serve Typer command bypasses the non-localhost authentication guard
High
GHSA-5qw8-f2g9-ff29
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools
High
GHSA-vmf9-xx9w-86wx
was published
for
praisonai
(pip)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API