Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,894
Maven
5,000+
npm
5,000+
NuGet
963
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,373
Swift
54
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices Moderate
CVE-2026-44919 was published for ironic (pip) May 14, 2026
GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor High
CVE-2026-45033 was published for @github/copilot (npm) May 11, 2026
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of... Low Unreviewed
CVE-2026-44600 was published May 7, 2026
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input Moderate
GHSA-84jc-3hj2-hwc7 was published for kanidmd_lib (Rust) May 6, 2026
mbarbero Credited to mbarbero
OpenStack Horizon has Incorrect Behavior Order Moderate
CVE-2026-43002 was published for horizon (pip) May 5, 2026
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the... Moderate Unreviewed
CVE-2026-41254 was published Apr 18, 2026
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes... Moderate Unreviewed
CVE-2026-40223 was published Apr 10, 2026
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability... High Unreviewed
CVE-2026-35636 was published Apr 10, 2026
Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement Moderate
GHSA-2j53-2c28-g9v2 was published for openclaw (npm) Apr 10, 2026 withdrawn
Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete Moderate
GHSA-p6j4-wvmc-vx2h was published for openclaw (npm) Apr 10, 2026 withdrawn
Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation Moderate
GHSA-8f9r-gr6r-x63q was published for openclaw (npm) Apr 10, 2026 withdrawn
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within... Low Unreviewed
CVE-2026-35386 was published Apr 2, 2026
OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions Moderate
CVE-2026-35652 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver /... Moderate Unreviewed
CVE-2025-9904 was published Sep 29, 2025
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M... Moderate Unreviewed
CVE-2025-55114 was published Sep 16, 2025
Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can... Moderate Unreviewed
CVE-2025-48965 was published Jul 20, 2025
In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass... Moderate Unreviewed
CVE-2021-47688 was published Jun 23, 2025
Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated... Moderate Unreviewed
CVE-2025-20012 was published May 13, 2025
GraphQL grant on a property might be cached with different objects High
CVE-2025-31485 was published for api-platform/core (Composer) Apr 4, 2025
ausi Credited to ausi, alanpoulain, soyuka, and Fafabian alanpoulain alanpoulain
soyuka soyuka Fafabian Fafabian
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an... High Unreviewed
CVE-2025-0150 was published Mar 11, 2025
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11... Moderate Unreviewed
CVE-2023-52968 was published Mar 9, 2025
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user... Moderate Unreviewed
CVE-2024-45157 was published Sep 5, 2024
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM)... High Unreviewed
CVE-2024-24853 was published Aug 14, 2024
An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper... Moderate Unreviewed
CVE-2024-30389 was published Apr 12, 2024
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300... Moderate Unreviewed
CVE-2024-30410 was published Apr 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database