GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
606 advisories
A flaw was found in the OpenShift Container Platform build system. A user with the `edit`...
Moderate | Unreviewed | CVE-2026-7309 was published | Apr 28, 2026

uutils coreutils has an Untrusted Search Path
High | CVE-2026-35368 was published for coreutils (Rust) | Apr 22, 2026

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
Moderate | CVE-2026-35603 was published for @anthropic-ai/claude-code (npm) | Apr 17, 2026

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an...
High | Unreviewed | CVE-2026-6421 was published | Apr 17, 2026

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have...
Low | Unreviewed | CVE-2026-40947 was published | Apr 16, 2026

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path...
High | Unreviewed | CVE-2026-27290 was published | Apr 15, 2026

PraisonAI Vulnerable to RCE via Automatic tools.py Import
High | CVE-2026-40287 was published for PraisonAI (pip) | Apr 10, 2026

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
High | CVE-2026-40156 was published for praisonai (pip) | Apr 10, 2026

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking
High | CVE-2026-39883 was published for go.opentelemetry.io/otel/sdk (Go) | Apr 8, 2026

OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config
High | CVE-2026-41384 was published for openclaw (npm) | Apr 7, 2026

Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0...
Critical | Unreviewed | CVE-2025-39666 was published | Apr 7, 2026

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a...
High | Unreviewed | CVE-2022-4987 was published | Apr 3, 2026

The application's installer runs with elevated privileges but resolves system executables and...
High | Unreviewed | CVE-2026-3780 was published | Apr 1, 2026

OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
Critical | CVE-2026-41294 was published for openclaw (npm) | Apr 1, 2026

OpenClaw has an Arbitrary Malicious Code Execution Vulnerability
High | CVE-2026-35641 was published for openclaw (npm) | Mar 30, 2026

A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some...
High | Unreviewed | CVE-2026-4962 was published | Mar 27, 2026

A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function...
High | Unreviewed | CVE-2026-4546 was published | Mar 22, 2026

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown...
High | Unreviewed | CVE-2026-4545 was published | Mar 22, 2026

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path...
High | Unreviewed | CVE-2026-21333 was published | Mar 11, 2026

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
High | Unreviewed | CVE-2026-25190 was published | Mar 10, 2026

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function...
High | Unreviewed | CVE-2026-3787 was published | Mar 9, 2026

OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
High | CVE-2026-32015 was published for openclaw (npm) | Mar 3, 2026

OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
High | CVE-2026-32009 was published for openclaw (npm) | Mar 3, 2026

OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment
High | CVE-2026-32032 was published for openclaw (npm) | Mar 3, 2026

OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode
Moderate | GHSA-qhrr-grqp-6x2g was published for openclaw (npm) | Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API.