Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,151
Maven
5,000+
npm
5,000+
NuGet
859
pip
4,450
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

585 advisories

Loading
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path... High Unreviewed
CVE-2026-21333 was published Mar 11, 2026
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. High Unreviewed
CVE-2026-25190 was published Mar 10, 2026
A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function... High Unreviewed
CVE-2026-3787 was published Mar 9, 2026
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks High
GHSA-g75x-8qqm-2vxp was published for openclaw (npm) Mar 3, 2026
jackhax Credited to jackhax
OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment Moderate
GHSA-f8mp-vj46-cq8v was published for openclaw (npm) Mar 3, 2026
athuljayaram Credited to athuljayaram
OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode Moderate
GHSA-qhrr-grqp-6x2g was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind High
GHSA-q399-23r3-hfx4 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local... High Unreviewed
CVE-2026-2998 was published Feb 23, 2026
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability... High Unreviewed
CVE-2026-2542 was published Feb 16, 2026
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25.... High Unreviewed
CVE-2026-2538 was published Feb 16, 2026
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit... High Unreviewed
CVE-2026-2516 was published Feb 15, 2026
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the... High Unreviewed
CVE-2025-15569 was published Feb 10, 2026
Tanium addressed an improper input validation vulnerability in Tanium Appliance. Low Unreviewed
CVE-2025-15321 was published Feb 5, 2026
IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS ... Moderate Unreviewed
CVE-2025-13491 was published Feb 5, 2026
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead... High Unreviewed
CVE-2026-0662 was published Feb 4, 2026
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in... Critical Unreviewed
CVE-2025-65078 was published Feb 3, 2026
OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking High
CVE-2026-24051 was published for go.opentelemetry.io/otel/sdk (Go) Feb 2, 2026
MorielHarush Credited to MorielHarush, pellared, and arminru pellared pellared
arminru arminru
During the installation of the Native Access application, a privileged helper `com.native... High Unreviewed
CVE-2026-24070 was published Feb 2, 2026
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal High
CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
EaEa0001 Credited to EaEa0001
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip) Moderate
CVE-2026-23888 was published for pnpm (npm) Jan 26, 2026
mldangelo Credited to mldangelo and mgol mgol mgol
Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path... High Unreviewed
CVE-2026-21280 was published Jan 13, 2026
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. High Unreviewed
CVE-2026-20943 was published Jan 13, 2026
An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local... High Unreviewed
CVE-2025-12793 was published Jan 6, 2026
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities... High Unreviewed
CVE-2019-25257 was published Dec 24, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and... High Unreviewed
CVE-2025-64785 was published Dec 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database