Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Prefect Git Argument Injection in GitRepository Pull Steps Low
CVE-2026-7725 was published for prefect (pip) May 4, 2026
nedlir Credited to nedlir
Prefect Unauthenticated Event Injection via /api/events/in WebSocket Moderate
CVE-2026-7723 was published for prefect (pip) May 4, 2026
nedlir Credited to nedlir
Prefect Auth Bypass via endswith() Health Check Exemption Moderate
CVE-2026-7722 was published for prefect (pip) May 4, 2026
nedlir Credited to nedlir
Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url Low
CVE-2026-7724 was published for prefect (pip) May 4, 2026
nedlir Credited to nedlir
OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata Moderate
CVE-2026-32898 was published for openclaw (npm) Feb 27, 2026
nedlir Credited to nedlir
OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth) Moderate
CVE-2026-4039 was published for openclaw (npm) Feb 27, 2026
nedlir Credited to nedlir
OpenClaw safeBins file-existence oracle information disclosure Moderate
CVE-2026-4040 was published for openclaw (npm) Feb 19, 2026
nedlir Credited to nedlir
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags Low
CVE-2026-31996 was published for openclaw (npm) Feb 19, 2026
nedlir Credited to nedlir
eBay API MCP Server Affected by Environment Variable Injection High
CVE-2026-27203 was published for ebay-mcp (npm) Feb 19, 2026
nedlir Credited to nedlir
Fabric.js Affected by Stored XSS via SVG Export High
CVE-2026-27013 was published for fabric (npm) Feb 18, 2026
nedlir Credited to nedlir
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization Moderate
CVE-2026-23946 was published for tendenci (pip) Jan 21, 2026
nedlir Credited to nedlir
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database