Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,679
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,910
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

606 advisories

Loading
OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config High
CVE-2026-41384 was published for openclaw (npm) Apr 7, 2026
YLChen-007 Credited to YLChen-007
uutils coreutils has an Untrusted Search Path High
CVE-2026-35368 was published for coreutils (Rust) Apr 22, 2026
During the installation of the Native Access application, a privileged helper `com.native... High Unreviewed
CVE-2026-24070 was published Feb 2, 2026
A flaw was found in the OpenShift Container Platform build system. A user with the `edit`... Moderate Unreviewed
CVE-2026-7309 was published Apr 28, 2026
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows Moderate
CVE-2026-35603 was published for @anthropic-ai/claude-code (npm) Apr 17, 2026
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover Critical
CVE-2026-41294 was published for openclaw (npm) Apr 1, 2026
tdjackey Credited to tdjackey
Perl threads have a working directory race condition where file operations may target unintended... Moderate Unreviewed
CVE-2025-40909 was published May 30, 2025
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an... High Unreviewed
CVE-2026-6421 was published Apr 17, 2026
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have... Low Unreviewed
CVE-2026-40947 was published Apr 16, 2026
Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path... High Unreviewed
CVE-2026-27290 was published Apr 15, 2026
PraisonAI Vulnerable to RCE via Automatic tools.py Import High
CVE-2026-40287 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0... Critical Unreviewed
CVE-2025-39666 was published Apr 7, 2026
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3,... Moderate Unreviewed
CVE-2012-1854 was published May 14, 2022
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit... High Unreviewed
CVE-2026-2516 was published Feb 15, 2026
OpenClaw has an Arbitrary Malicious Code Execution Vulnerability High
CVE-2026-35641 was published for openclaw (npm) Mar 30, 2026
ChangeYourWay Credited to ChangeYourWay
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading High
CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking High
CVE-2026-39883 was published for go.opentelemetry.io/otel/sdk (Go) Apr 8, 2026
kodareef5 Credited to kodareef5 and dmathieu dmathieu dmathieu
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a... High Unreviewed
CVE-2022-4987 was published Apr 3, 2026
The application's installer runs with elevated privileges but resolves system executables and... High Unreviewed
CVE-2026-3780 was published Apr 1, 2026
OpenClaw: macOS optional allowlist basename matching could bypass path-based policy Moderate
CVE-2026-32016 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks High
CVE-2026-32015 was published for openclaw (npm) Mar 3, 2026
jackhax Credited to jackhax
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`) High
CVE-2026-32009 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some... High Unreviewed
CVE-2026-4962 was published Mar 27, 2026
OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment High
CVE-2026-32032 was published for openclaw (npm) Mar 3, 2026
athuljayaram Credited to athuljayaram
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function... High Unreviewed
CVE-2026-4546 was published Mar 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database