Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

633 advisories

Loading
chdanielmueller Credited to chdanielmueller
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption High
CVE-2026-53517 was published for @better-auth/oauth-provider (npm) Jul 7, 2026
chdanielmueller Credited to chdanielmueller
uucore: safe_traversal TOCTOU protection only enabled on Linux Low
CVE-2026-35362 was published for uucore (Rust) Jul 6, 2026
mkdir: -m exposes directory with umask perms before chmod (race window) Low
CVE-2026-35353 was published for uu_mkdir (Rust) Jul 6, 2026
install -D: symlink race in directory creation allows arbitrary file overwrite Moderate
CVE-2026-35356 was published for uu_install (Rust) Jul 6, 2026
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite Moderate
CVE-2026-35355 was published for uu_install (Rust) Jul 6, 2026
OpenClaw: Combined POSIX shell options could confuse exec revalidation High
CVE-2026-53806 was published for openclaw (npm) Jul 2, 2026
YLChen-007 Credited to YLChen-007
OpenClaw: Node pairing reconnection could confuse approval scope state High
GHSA-83w9-h5wv-j9xm was published for openclaw (npm) Jul 2, 2026
YLChen-007 Credited to YLChen-007
Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding) Moderate
CVE-2026-54242 was published for statamic/cms (Composer) Jun 26, 2026
jqr1449186277 Credited to jqr1449186277
ProTip! Advisories are also available from the GraphQL API