GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
597 advisories
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
Moderate | GHSA-wvrh-2f4m-924v was published for ChatterBot (pip) | Jun 19, 2026

Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag
Critical | GHSA-wfqx-gjrf-g28r was published for github.com/crossplane/crossplane (Go) | Jun 19, 2026

CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Moderate | CVE-2026-54777 was published for CoreWCF.NetNamedPipe (NuGet) | Jun 19, 2026

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
Low | CVE-2026-6733 was published for undici (npm) | Jun 19, 2026

PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding
High | GHSA-rjvw-7vvw-549v was published for praisonai (pip) | Jun 18, 2026

Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
Low | CVE-2026-54327 was published for @earendil-works/pi-coding-agent (npm) | Jun 17, 2026

A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's...
High | Unreviewed | CVE-2026-54228 was published | Jun 13, 2026

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection...
Moderate | Unreviewed | CVE-2026-53838 was published | Jun 13, 2026

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin...
High | Unreviewed | CVE-2026-53831 was published | Jun 13, 2026

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv...
High | Unreviewed | CVE-2026-53822 was published | Jun 13, 2026

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
High | CVE-2026-54096 was published for github.com/filebrowser/filebrowser (Go) | Jun 12, 2026

Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
High | GHSA-9wcp-79g5-5c3c was published for com.appsmith:server (Maven) | Jun 12, 2026

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh...
High | Unreviewed | CVE-2026-50631 was published | Jun 12, 2026

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital...
High | Unreviewed | CVE-2026-24067 was published | Jun 10, 2026

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition...
Moderate | Unreviewed | CVE-2026-49958 was published | Jun 9, 2026

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an...
Moderate | Unreviewed | CVE-2026-45647 was published | Jun 9, 2026

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service...
High | Unreviewed | CVE-2026-45487 was published | Jun 9, 2026

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation...
High | Unreviewed | CVE-2026-24065 was published | Jun 9, 2026

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0...
High | Unreviewed | CVE-2026-2638 was published | Jun 9, 2026

Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token
High | CVE-2026-45720 was published for github.com/siderolabs/omni (Go) | Jun 5, 2026

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that...
High | Unreviewed | CVE-2025-41259 was published | Jun 3, 2026

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13...
High | Unreviewed | CVE-2025-64390 was published | Jun 2, 2026

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input...
High | Unreviewed | CVE-2026-25260 was published | Jun 2, 2026

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent...
Moderate | Unreviewed | CVE-2025-59610 was published | Jun 2, 2026

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to...
Moderate | Unreviewed | CVE-2026-20454 was published | Jun 1, 2026
ProTip! Advisories are also available from the GraphQL API.