GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
Context isolation bypass via contextBridge in Electron
High • CVE-2020-4077 was published for electron (npm) Jul 7, 2020
Context isolation bypass via leaked cross-context objects in Electron
High • CVE-2020-4076 was published for electron (npm) Jul 7, 2020
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If...
High • Unreviewed • CVE-2023-28597 was published Jul 6, 2023
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which...
High • Unreviewed • CVE-2023-0627 was published Sep 25, 2023
Visual Studio Code Python Extension Remote Code Execution Vulnerability
High • Unreviewed • CVE-2024-49050 was published Nov 12, 2024
kubevirt-csi: PersistentVolume allows access to HCP's root node
High • CVE-2024-1725 was published for github.com/kubevirt/csi-driver (Go) Mar 7, 2024
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
High • CVE-2025-64496 was published for open-webui (npm) Nov 7, 2025
Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification
High • CVE-2025-14542 was published for utcp (pip) Dec 13, 2025
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
High • GHSA-hj55-9jmv-9jrj was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 • withdrawn
Class Loading Vulnerability in Artemis
High • CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 9, 2022
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
High • CVE-2026-25725 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
Open Cluster Management vulnerable to Trust Boundary Violation
High • CVE-2024-9779 was published for open-cluster-management.io/ocm (Go) Dec 18, 2024
OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade
High • GHSA-gfmx-pph7-g46x was published for openclaw (npm) Apr 9, 2026
OpenClaw: Authenticated `/hooks/wake` and mapped `wake` payloads are promoted into the trusted `System:` prompt channel
High • GHSA-jf56-mccx-5f3f was published for openclaw (npm) Apr 9, 2026
gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules
High • GHSA-f26g-jm89-4g65 was published for gix (Rust) May 5, 2026
ProTip! Advisories are also available from the GraphQL API