GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
233 advisories
OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection...
Moderate • Unreviewed • CVE-2026-53838 was published Jun 13, 2026

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition...
Moderate • Unreviewed • CVE-2026-49958 was published Jun 9, 2026

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an...
Moderate • Unreviewed • CVE-2026-45647 was published Jun 9, 2026

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent...
Moderate • Unreviewed • CVE-2025-59610 was published Jun 2, 2026

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to...
Moderate • Unreviewed • CVE-2026-20454 was published Jun 1, 2026

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix node_cnt race...
Moderate • Unreviewed • CVE-2026-46194 was published May 28, 2026

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix...
Moderate • Unreviewed • CVE-2026-46159 was published May 28, 2026

A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can...
Moderate • Unreviewed • CVE-2026-9796 was published May 28, 2026

Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Moderate • CVE-2026-41568 was published for github.com/docker/docker (Go) May 18, 2026

AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`
Moderate • CVE-2026-45619 was published for WWBN/AVideo (Composer) May 15, 2026

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU...
Moderate • Unreviewed • CVE-2026-41051 was published May 13, 2026

Due to multiple time-of-check time-of-use race conditions in the resource count check and...
Moderate • Unreviewed • CVE-2025-69233 was published May 8, 2026

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes
Moderate • CVE-2026-42592 was published for github.com/gotenberg/gotenberg/v8 (Go) May 7, 2026

Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
Moderate • GHSA-6f72-9gxx-98mj was published for openclaw (npm) May 6, 2026 • withdrawn

Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate • GHSA-frr5-j3mh-h9ch was published for openclaw (npm) May 6, 2026 • withdrawn

Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
Moderate • GHSA-w7rc-vvgx-pj45 was published for openclaw (npm) May 6, 2026 • withdrawn

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP...
Moderate • Unreviewed • CVE-2026-6180 was published May 5, 2026

OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate • CVE-2026-44113 was published for openclaw (npm) May 4, 2026

OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
Moderate • CVE-2026-44112 was published for openclaw (npm) May 4, 2026

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in...
Moderate • Unreviewed • CVE-2026-43053 was published May 1, 2026

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of...
Moderate • Unreviewed • CVE-2026-31535 was published Apr 24, 2026

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to...
Moderate • Unreviewed • CVE-2026-41360 was published Apr 24, 2026

Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection
Moderate • GHSA-cw28-63x4-37c3 was published for openclaw (npm) Apr 24, 2026 • withdrawn

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file...
Moderate • Unreviewed • CVE-2026-41338 was published Apr 24, 2026

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate • CVE-2026-35374 was published for coreutils (Rust) Apr 22, 2026