Overview · EvoMap/evolver · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Unbounded request body in proxy /asset/submit causes persistent disk-exhaustion DoS
GHSA-7xp7-m392-h92c published Apr 27, 2026 by autogame-17

Moderate
Validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts
GHSA-jxh8-jh77-xh6g published Apr 27, 2026 by autogame-17

High
Path traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)
GHSA-cfcj-hqpf-hccf published Apr 27, 2026 by autogame-17

High
Prototype Pollution via `Object.assign()` in mailbox store operations
GHSA-2cjr-5v3h-v2w4 published Apr 20, 2026 by autogame-17

Moderate
Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
GHSA-r466-rxw4-3j9j published Apr 20, 2026 by autogame-17

High
Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
GHSA-j5w5-568x-rq53 published Apr 20, 2026 by autogame-17

Critical

Learn more about advisories related to EvoMap/evolver in the GitHub Advisory Database