Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
RestrictedPython guard hooks can be shadowed via positional-only arguments
Mistune renderers/html.safe_url: HARMFUL_PROTOCOLS list misses legacy and chained schemes that historically chain to `javascript:` execution
OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files
Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)
n8n - AST Validator Bypass in Python Code Node
Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass
Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
File Browser: Command Allowlist Bypass via Shell Metacharacter Injection
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
Mastodon: SSRF protection bypass on older Ruby versions
Ghost: Private IP filtering bypass to make server-side requests to internal services
jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation
jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
picklescan - Remote Code Execution via Unblocked Standard Library Modules
picklescan - Remote Code Execution via timeit.timeit() Detection Bypass
picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass
picklescan - Remote Code Execution via Unblocked ctypes Module
picklescan - Remote Code Execution via Incomplete Disallowed Inputs
OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution
Showing 1 - 20 of 1,000+ results