GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
257 advisories
Each entry: title (severity; review status where not GitHub-reviewed; identifier; package and ecosystem where known; publication date). Titles ending in "..." are truncated on the source page.

- OpenClaw: Sandbox staged writes could escape the verified parent directory before commit (High; GHSA-mj4p-rc52-m843; openclaw, npm; published Mar 13, 2026)
- OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity (High; GHSA-xf99-j42q-5w5p; openclaw, npm; published Mar 13, 2026)
- OpenClaw: Sandbox dangling-symlink alias handling could bypass workspace-only write boundary (High; GHSA-qcc4-p59m-p54m; openclaw, npm; published Mar 12, 2026)
- Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference... (High; Unreviewed; CVE-2025-20028; published Mar 11, 2026)
- Sylius has a Promotion Usage Limit Bypass via Race Condition (High; CVE-2026-31824; sylius/sylius, Composer; published Mar 11, 2026)
- If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS... (High; Unreviewed; CVE-2026-2364; published Mar 10, 2026)
- CoreDNS ACL Bypass (High; CVE-2026-26017; github.com/coredns/coredns, Go; published Mar 6, 2026)
- Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the... (High; Unreviewed; CVE-2026-27750; published Mar 5, 2026)
- OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind (High; GHSA-r54r-wmmq-mh84; openclaw, npm; published Mar 3, 2026)
- OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured (High; GHSA-8mvx-p2r9-r375; openclaw, npm; published Mar 3, 2026)
- OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host (High; GHSA-mwcg-wfq3-4gjc; openclaw, npm; published Mar 3, 2026)
- OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind (High; GHSA-f7ww-2725-qvw2; openclaw, npm; published Mar 2, 2026)
- OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind (High; GHSA-q399-23r3-hfx4; openclaw, npm; published Mar 2, 2026)
- OpenClaw: Sandbox media TOCTOU could read files outside sandbox root (High; GHSA-7xmq-g46g-f8pv; openclaw, npm; published Mar 2, 2026)
- OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries (High; GHSA-x82f-27x3-q89c; openclaw, npm; published Mar 2, 2026)
- Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding (High; CVE-2026-27127; craftcms/cms, Composer; published Feb 23, 2026)
- Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that... (High; Unreviewed; CVE-2026-26224; published Feb 13, 2026)
- A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow... (High; Unreviewed; CVE-2023-20548; published Feb 11, 2026)
- A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow... (High; Unreviewed; CVE-2023-31324; published Feb 11, 2026)
- Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized... (High; Unreviewed; CVE-2026-21240; published Feb 10, 2026)
- Local privilege escalation vulnerability via insecure temporary batch file execution in ESET... (High; Unreviewed; CVE-2025-13818; published Feb 6, 2026)
- Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS (High; CVE-2026-23950; tar, npm; published Jan 21, 2026)
- Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for... (High; Unreviewed; CVE-2026-20831; published Jan 13, 2026)
- Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized... (High; Unreviewed; CVE-2026-20816; published Jan 13, 2026)
- A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5... (High; Unreviewed; CVE-2025-61037; published Dec 31, 2025)
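Most of the file-system entries in this list are one bug class in different coats: a path string is checked (is it under the sandbox root? is its parent a real directory inside the workspace?) and then, some instructions later, the same string is handed to open, rename or an archive extractor, by which time a symlink swap, a dangling-symlink alias or a parent-directory rebind has changed what it resolves to. The block below is an added example written for this page; it is not code from OpenClaw, node-tar or any other project listed above. It shows the check-then-open pattern escaping its root under a deterministic "attacker wins the race" step, beside the usual hardening: walk the path one component at a time with openat(), refuse to follow a symlink at any component, reject "..", and bind the write to the directory descriptor obtained during the check so a later rebind of the path has nothing to redirect. The helper names (parent_is_within_root, open_within_root, run_demo_score) and the temp tree it builds under /tmp are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Vulnerable pattern (hypothetical helper): resolve the parent directory of a
 * path and require it to sit under root, then later open() by the same string.
 * True at the instant it runs; says nothing about what the string resolves to
 * when open() runs. */
static int parent_is_within_root(const char *root, const char *abs_path) {
    char parent[PATH_MAX], resolved[PATH_MAX], rootres[PATH_MAX];
    snprintf(parent, sizeof parent, "%s", abs_path);
    char *slash = strrchr(parent, '/');
    if (!slash) return 0;
    *slash = '\0';
    if (!realpath(parent, resolved) || !realpath(root, rootres)) return 0;
    size_t n = strlen(rootres);
    return strncmp(resolved, rootres, n) == 0 && (resolved[n] == '\0' || resolved[n] == '/');
}

/* Hardened pattern (hypothetical helper): walk relpath component by component
 * with openat(), O_NOFOLLOW at every step, ".." refused, so the object finally
 * opened is the one just checked. A held directory fd pins the directory
 * inode; renaming or symlinking the path afterwards cannot move it.
 * Returns an fd, or -1 with errno set. */
int open_within_root(int root_fd, const char *relpath, int flags, mode_t mode) {
    char buf[PATH_MAX];
    if (!relpath || !*relpath || *relpath == '/' || strlen(relpath) >= sizeof buf) {
        errno = EINVAL;
        return -1;
    }
    strcpy(buf, relpath);
    int dirfd = dup(root_fd);
    if (dirfd < 0) return -1;
    char *save = NULL, *comp = strtok_r(buf, "/", &save);
    int opened_final = 0;
    while (comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, ".") == 0) { comp = next; continue; }
        if (strcmp(comp, "..") == 0) { close(dirfd); errno = EACCES; return -1; }
        int fd = next ? openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)
                      : openat(dirfd, comp, flags | O_NOFOLLOW | O_CLOEXEC, mode);
        int saved = errno;
        close(dirfd);
        if (fd < 0) { errno = saved; return -1; }
        dirfd = fd;
        opened_final = (next == NULL);
        comp = next;
    }
    if (!opened_final) { close(dirfd); errno = EINVAL; return -1; }
    return dirfd;
}

static int exists(const char *p) { struct stat st; return lstat(p, &st) == 0; }

/* Constructed scenario in a fresh temp tree; the "attacker" steps are inlined
 * so the race outcome is deterministic. Returns how many of the six expected
 * behaviours were observed (6 = all), or -1 if setup failed. */
int run_demo_score(void) {
    char base[] = "/tmp/toctou-demo-XXXXXX";
    char root[PATH_MAX], outside[PATH_MAX], a[PATH_MAX], b[PATH_MAX];
    int score = 0, fd;
    if (!mkdtemp(base)) return -1;
    snprintf(root, sizeof root, "%s/root", base);
    snprintf(outside, sizeof outside, "%s/outside", base);
    if (mkdir(root, 0700) || mkdir(outside, 0700)) return -1;

    /* 1-2. TOCTOU against the path-string check: check passes, attacker turns
     *      root/staging into a symlink, open() by path lands outside root. */
    snprintf(a, sizeof a, "%s/staging", root);
    snprintf(b, sizeof b, "%s/staging/out.txt", root);
    mkdir(a, 0700);
    score += parent_is_within_root(root, b);            /* check: inside root */
    snprintf(b, sizeof b, "%s/moved", root);
    rename(a, b);                                        /* attacker: rebind parent */
    symlink(outside, a);
    snprintf(b, sizeof b, "%s/staging/out.txt", root);
    if ((fd = open(b, O_WRONLY | O_CREAT, 0600)) >= 0) close(fd);   /* use */
    snprintf(b, sizeof b, "%s/out.txt", outside);
    score += exists(b);                                  /* file created outside */

    int root_fd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (root_fd < 0) return -1;
    /* 3. A symlinked parent component is refused rather than followed. */
    fd = open_within_root(root_fd, "staging/evil.txt", O_WRONLY | O_CREAT, 0600);
    score += (fd < 0);
    /* 4. Dangling-symlink alias: O_CREAT through it must not create the target. */
    snprintf(a, sizeof a, "%s/dangling", root);
    snprintf(b, sizeof b, "%s/victim", outside);
    symlink(b, a);
    fd = open_within_root(root_fd, "dangling", O_WRONLY | O_CREAT, 0600);
    score += (fd < 0 && !exists(b));
    /* 5. Lexical traversal is rejected before any open. */
    fd = open_within_root(root_fd, "../outside/x", O_WRONLY | O_CREAT, 0600);
    score += (fd < 0);
    /* 6. Check and use share one directory fd: a rebind after the directory
     *    was opened cannot redirect the write; it lands in the original dir. */
    snprintf(a, sizeof a, "%s/staging2", root);
    mkdir(a, 0700);
    int dfd = open_within_root(root_fd, "staging2", O_RDONLY | O_DIRECTORY, 0);
    snprintf(b, sizeof b, "%s/moved2", root);
    rename(a, b);                                        /* attacker: rebind after check */
    symlink(outside, a);
    if (dfd >= 0 && (fd = openat(dfd, "pinned.txt", O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600)) >= 0) close(fd);
    snprintf(a, sizeof a, "%s/moved2/pinned.txt", root);
    snprintf(b, sizeof b, "%s/pinned.txt", outside);
    score += (exists(a) && !exists(b));
    if (dfd >= 0) close(dfd);
    close(root_fd);
    return score;
}

int main(void) {
    int score = run_demo_score();
    printf("%d of 6 expected behaviours observed\n", score);
    return score == 6 ? 0 : 1;
}
```

Build with `cc -Wall toctou.c && ./a.out` on Linux or macOS; the temp tree is left under /tmp for inspection. Two points worth keeping in mind when applying this elsewhere: O_NOFOLLOW only governs the last component of the path passed to a single open(), which is why every intermediate directory is opened separately here, and a rebind of the path after the directory descriptor exists is harmless because the descriptor, not the string, is what the write goes through. On Linux 5.6 and later, openat2() with RESOLVE_BENEATH performs the same constrained walk inside the kernel, and Go 1.24's os.Root offers the equivalent at library level.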