Executive Summary The Orca Research Pod has uncovered multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE)...
A critical vulnerability (CVE-2026-21858, CVSS score 10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to remotely execute...
A critical vulnerability (CVE-2025-68664, CVSS 9.3) was disclosed affecting the LangChain open-source LLM framework, allowing attackers to steal sensitive data...
A high severity vulnerability (CVE-2025-14847, CVSS 7.5/8.7) was disclosed affecting MongoDB Server across a wide range of versions, allowing attackers...
A critical vulnerability (CVE-2025-68613, CVSS 9.9/10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to execute arbitrary code...
Following the previously disclosed React2Shell remote code execution vulnerabilities (React: CVE-2025-55182, Next.js: CVE-2025-66478, CVSS 10.0), additional security issues were identified...
Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...
Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
Personalized Demo
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
