Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,121
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,428
Pub
12
RubyGems
988
Rust
1,171
Swift
50
Unreviewed advisories
All unreviewed
5,000+

479 advisories

Loading
CoreDNS ACL Bypass High
CVE-2026-26017 was published for github.com/coredns/coredns (Go) Mar 6, 2026
YOUNEVSKY Credited to YOUNEVSKY
Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the... High Unreviewed
CVE-2026-27750 was published Mar 5, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model Low
GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind High
GHSA-r54r-wmmq-mh84 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows Moderate
GHSA-3pxq-f3cp-jmxp was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured High
GHSA-8mvx-p2r9-r375 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host High
GHSA-mwcg-wfq3-4gjc was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind High
GHSA-f7ww-2725-qvw2 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind High
GHSA-q399-23r3-hfx4 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenClaw: Sandbox media TOCTOU could read files outside sandbox root High
GHSA-7xmq-g46g-f8pv was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries High
GHSA-x82f-27x3-q89c was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
In MDDP, there is a possible system crash due to a race condition. This could lead to local... Moderate Unreviewed
CVE-2026-20445 was published Mar 2, 2026
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local... Moderate Unreviewed
CVE-2026-20438 was published Mar 2, 2026
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data... Low Unreviewed
CVE-2026-21725 was published Feb 25, 2026
Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit Moderate
CVE-2026-27128 was published for craftcms/cms (Composer) Feb 23, 2026
vitalysim Credited to vitalysim
Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding High
CVE-2026-27127 was published for craftcms/cms (Composer) Feb 23, 2026
RajChowdhury240 Credited to RajChowdhury240 and rlarabee rlarabee rlarabee
Indico has Server-Side Request Forgery (SSRF) in multiple places Moderate
CVE-2026-25738 was published for indico (pip) Feb 17, 2026
rahulgovind Credited to rahulgovind, inkz, and yueyueL inkz inkz
yueyueL yueyueL
Mattermost doesn't properly validate channel membership at the time of data retrieval Low
CVE-2026-20796 was published for github.com/mattermost/mattermost-server (Go) Feb 13, 2026
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that... High Unreviewed
CVE-2026-26224 was published Feb 13, 2026
A race condition was addressed with improved handling of symbolic links. This issue is fixed in... Critical Unreviewed
CVE-2026-20677 was published Feb 12, 2026
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow... High Unreviewed
CVE-2023-20548 was published Feb 11, 2026
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow... High Unreviewed
CVE-2023-31324 was published Feb 11, 2026
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow... Moderate Unreviewed
CVE-2024-36311 was published Feb 10, 2026
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized... High Unreviewed
CVE-2026-21240 was published Feb 10, 2026
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET... High Unreviewed
CVE-2025-13818 was published Feb 6, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database