Advisories for Npm/Openlearnx package

2026

OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

Overview A critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. The issue has been fixed. Advisory: https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-223g-f5mq-gw33

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

Overview A critical Remote Code Execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. The issue has been fixed.