GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
182 advisories
OpenClaw: Sandbox `writeFile` commit could race outside the validated path
Moderate. GHSA-xvx8-77m6-gwg6 was published for openclaw (npm) on Mar 13, 2026

OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
Moderate. GHSA-vhwf-4x96-vqx2 was published for openclaw (npm) on Mar 12, 2026

OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Moderate. GHSA-8g75-q649-6pv6 was published for openclaw (npm) on Mar 12, 2026

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference...
Moderate. Unreviewed. CVE-2025-22850 was published on Mar 11, 2026

OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows
Moderate. GHSA-3pxq-f3cp-jmxp was published for openclaw (npm) on Mar 3, 2026

In MDDP, there is a possible system crash due to a race condition. This could lead to local...
Moderate. Unreviewed. CVE-2026-20445 was published on Mar 2, 2026

In MAE, there is a possible out of bounds write due to a race condition. This could lead to local...
Moderate. Unreviewed. CVE-2026-20438 was published on Mar 2, 2026

Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit
Moderate. CVE-2026-27128 was published for craftcms/cms (Composer) on Feb 23, 2026

Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate. CVE-2026-25738 was published for indico (pip) on Feb 17, 2026

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow...
Moderate. Unreviewed. CVE-2024-36311 was published on Feb 10, 2026

miniserve affected by a TOCTOU and symlink race vulnerability
Moderate. CVE-2025-67124 was published for miniserve (Rust) on Jan 23, 2026

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC...
Moderate. Unreviewed. CVE-2026-21912 was published on Jan 15, 2026

Outray cli is vulnerable to race conditions in tunnels creation
Moderate. CVE-2026-22820 was published for outray (npm) on Jan 13, 2026

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Moderate. CVE-2026-22701 was published for filelock (pip) on Jan 13, 2026

Memory corruption while handling sensor utility operations.
Moderate. Unreviewed. CVE-2025-47344 was published on Jan 7, 2026

Memory corruption while processing a config call from userspace.
Moderate. Unreviewed. CVE-2025-47332 was published on Jan 7, 2026

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)
Moderate. CVE-2025-69211 was published for @nestjs/platform-fastify (npm) on Dec 30, 2025

filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Moderate. CVE-2025-68146 was published for filelock (pip) on Dec 16, 2025

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files...
Moderate. Unreviewed. CVE-2025-9810 was published on Dec 8, 2025

Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack...
Moderate. Unreviewed. CVE-2025-31146 was published on Nov 11, 2025

Time-of-check time-of-use race condition for some ACAT before version 3.13 within Ring 3: User...
Moderate. Unreviewed. CVE-2025-27725 was published on Nov 11, 2025

In JetBrains dotTrace before 2025.2.5 local privilege escalation possible via race condition
Moderate. Unreviewed. CVE-2025-64457 was published on Nov 10, 2025

In wlan STA driver, there is a possible out of bounds read due to a race condition. This could...
Moderate. Unreviewed. CVE-2025-20740 was published on Nov 4, 2025

Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use...
Moderate. Unreviewed. CVE-2025-54271 was published on Oct 15, 2025

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the...
Moderate. Unreviewed. CVE-2025-42701 was published on Oct 8, 2025