GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
149,730 advisories
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Moderate
GHSA-ffq5-qpvf-xq7x
was published
for
openc3
(RubyGems)
Apr 22, 2026
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Moderate
GHSA-4jvx-93h3-f45h
was published
for
openc3
(RubyGems)
Apr 22, 2026
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
High
GHSA-wgx6-g857-jjf7
was published
for
openc3
(RubyGems)
Apr 22, 2026
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle
Moderate
CVE-2026-41511
was published
for
OpenMcdf
(NuGet)
Apr 22, 2026
Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
High
GHSA-r466-rxw4-3j9j
was published
for
@evomap/evolver
(npm)
Apr 22, 2026
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
Critical
GHSA-j5w5-568x-rq53
was published
for
@evomap/evolver
(npm)
Apr 22, 2026
Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations
Moderate
GHSA-2cjr-5v3h-v2w4
was published
for
@evomap/evolver
(npm)
Apr 22, 2026
ProTip!
Advisories are also available from the
GraphQL API