Search Vulnerabilities

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

vm2: Sandbox Breakout Using Promise Species

vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2: Sandbox Escape

An issue was discovered in all versions of PCManFM-Qt starting from 1

PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting

z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

gougucms User Registration Login.php reg_submit dynamically-determined object attributes

NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator

n8n Has an Expression Escape Vulnerability Leading to RCE

Improper Control of Dynamically-Managed Code Resources in Crafter Studio

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor

vm2 has a Sandbox Escape

Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

n8n Vulnerable to Remote Code Execution via Expression Injection

SamuNatsu HaloBot Inter-plugin API index.js html_renderer dynamically-managed code resources