GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
83 advisories

OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment
Moderate | GHSA-f8mp-vj46-cq8v was published for openclaw (npm) | Mar 3, 2026

OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode
Moderate | GHSA-qhrr-grqp-6x2g was published for openclaw (npm) | Mar 3, 2026

IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS ...
Moderate | Unreviewed | CVE-2025-13491 was published | Feb 5, 2026

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Moderate | CVE-2026-23888 was published for pnpm (npm) | Jan 26, 2026

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to...
Moderate | Unreviewed | CVE-2025-49642 was published | Dec 1, 2025

The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to...
Moderate | Unreviewed | CVE-2025-43079 was published | Nov 10, 2025

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated...
Moderate | Unreviewed | CVE-2025-49456 was published | Aug 13, 2025

Apache Tomcat installer for Windows has an untrusted search path vulnerability
Moderate | CVE-2025-49124 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Jun 16, 2025

Perl threads have a working directory race condition where file operations may target unintended...
Moderate | Unreviewed | CVE-2025-40909 was published | May 30, 2025

Local privilege escalation due to a binary hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2025-30407 was published | Mar 27, 2025

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure...
Moderate | Unreviewed | CVE-2025-29903 was published | Mar 12, 2025

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2025-24828 was published | Jan 31, 2025

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2025-24827 was published | Jan 31, 2025

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2025-24829 was published | Jan 31, 2025

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2025-24830 was published | Jan 31, 2025

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an...
Moderate | Unreviewed | CVE-2025-0145 was published | Jan 30, 2025

A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to...
Moderate | Unreviewed | CVE-2025-0459 was published | Jan 14, 2025

pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate | CVE-2024-53866 was published for pnpm (npm) | Dec 10, 2024

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality...
Moderate | Unreviewed | CVE-2023-32266 was published | Oct 16, 2024

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client...
Moderate | Unreviewed | CVE-2024-45281 was published | Sep 10, 2024

An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated...
Moderate | Unreviewed | CVE-2024-5623 was published | Aug 29, 2024

Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting...
Moderate | Unreviewed | CVE-2024-42439 was published | Aug 14, 2024

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the...
Moderate | Unreviewed | CVE-2024-36071 was published | Jun 20, 2024

This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated...
Moderate | Unreviewed | CVE-2024-25103 was published | Mar 6, 2024

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This...
Moderate | Unreviewed | CVE-2023-6061 was published | Dec 8, 2023

ProTip! Advisories are also available from the GraphQL API.