Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Parse Server has an MFA single-use token bypass via concurrent authData login requests Low
CVE-2026-34224 was published for parse-server (npm) Mar 29, 2026
offset Credited to offset and mtrezza mtrezza mtrezza
Handlebars.js has a Property Access Validation Bypass in container.lookup Low
GHSA-442j-39wm-28r2 was published for handlebars (npm) Mar 29, 2026
TinkAnet Credited to TinkAnet
Parse Server: MFA recovery code single-use bypass via concurrent requests Low
CVE-2026-33624 was published for parse-server (npm) Mar 24, 2026
mtrezza Credited to mtrezza and spbavarva spbavarva spbavarva
Parse Server has a password reset token single-use bypass via concurrent requests Low
CVE-2026-32943 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model Low
GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Mattermost doesn't properly validate channel membership at the time of data retrieval Low
CVE-2026-20796 was published for github.com/mattermost/mattermost-server (Go) Feb 13, 2026
Keycloak does not validate and update refresh token usage atomically Low
CVE-2026-1035 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Turbo Frame responses can restore stale session cookies Low
CVE-2025-66803 was published for @hotwired/turbo (npm) Jan 20, 2026
domchristie Credited to domchristie, packagethief, and samoli packagethief packagethief
samoli samoli
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46328 was published for snowflake-sdk (npm) Apr 28, 2025
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46327 was published for github.com/snowflakedb/gosnowflake (Go) Apr 28, 2025
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46326 was published for Snowflake.Data (NuGet) Apr 28, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Low
CVE-2025-24432 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Low
CVE-2025-24430 was published for magento/community-edition (Composer) Feb 11, 2025
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen Credited to fitzgen and alexcrichton alexcrichton alexcrichton
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
signed-log Credited to signed-log
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607 Credited to tdunlap607
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj Credited to enj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database