Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

314 advisories

Loading
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications High
CVE-2026-28779 was published for apache-airflow (pip) Mar 17, 2026
OpenClaw: Gateway `agent` calls could override the workspace boundary High
GHSA-2rqg-gjgv-84jm was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
AVideo: Unauthenticated PHP session store exposed to host network via published memcached port High
CVE-2026-29093 was published for wwbn/avideo (Composer) Mar 5, 2026
bugbunny-research Credited to bugbunny-research
OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations High
GHSA-3jx4-q2m7-r496 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json High
CVE-2026-25725 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner High
CVE-2025-61917 was published for n8n (npm) Feb 4, 2026
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl High
CVE-2026-25253 was published for clawdbot (npm) Feb 2, 2026
DepthFirstDisclosures Credited to DepthFirstDisclosures, 0xacb, and mavlevin 0xacb 0xacb
mavlevin mavlevin
In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix... High Unreviewed
CVE-2022-49509 was published Jan 22, 2026
VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier,... High Unreviewed
CVE-2026-23763 was published Jan 22, 2026
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
JasonLovesDoggo Credited to JasonLovesDoggo and dirkbrnd dirkbrnd dirkbrnd
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix... High Unreviewed
CVE-2023-53392 was published Sep 18, 2025
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in... High Unreviewed
CVE-2025-38670 was published Aug 22, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel... High Unreviewed
CVE-2025-38521 was published Aug 16, 2025
In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack... High Unreviewed
CVE-2025-22069 was published Apr 16, 2025
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi Credited to svghadi
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries... High Unreviewed
CVE-2024-57838 was published Jan 11, 2025
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain... High Unreviewed
CVE-2024-43704 was published Nov 18, 2024
Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a... High Unreviewed
CVE-2024-24985 was published Nov 13, 2024
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA... High Unreviewed
CVE-2024-43881 was published Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation... High Unreviewed
CVE-2024-39499 was published Jul 12, 2024
Windows MSHTML Platform Spoofing Vulnerability High Unreviewed
CVE-2024-38112 was published Jul 9, 2024
In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage... High Unreviewed
CVE-2022-48757 was published Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database