GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
143 advisories
Filter by severity
AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`
Moderate
CVE-2026-45619
was published
for
WWBN/AVideo
(Composer)
May 15, 2026
n8n-mcp webhook and API client paths has an authenticated SSRF
High
CVE-2026-44694
was published
for
n8n-mcp
(npm)
May 8, 2026
Spring Cloud Config Server Susceptible To TOCTOU Attack
High
CVE-2026-41002
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 7, 2026
Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes
Moderate
CVE-2026-42592
was published
for
github.com/gotenberg/gotenberg/v8
(Go)
May 7, 2026
Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
Moderate
GHSA-6f72-9gxx-98mj
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate
GHSA-frr5-j3mh-h9ch
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
Moderate
GHSA-w7rc-vvgx-pj45
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate
CVE-2026-44113
was published
for
openclaw
(npm)
May 4, 2026
OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
Moderate
CVE-2026-44112
was published
for
openclaw
(npm)
May 4, 2026
Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection
Moderate
GHSA-cw28-63x4-37c3
was published
for
openclaw
(npm)
Apr 24, 2026
•
withdrawn
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-35376
was published
for
coreutils
(Rust)
Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-35374
was published
for
coreutils
(Rust)
Apr 22, 2026
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition
Moderate
GHSA-m26v-hjq3-x245
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition
Moderate
GHSA-v24v-f45g-w7jf
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-vf87-345h-9qhx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-ggc5-46rg-mr4v
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition
Moderate
CVE-2026-35354
was published
for
coreutils
(Rust)
Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-35357
was published
for
coreutils
(Rust)
Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-35364
was published
for
coreutils
(Rust)
Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-35360
was published
for
coreutils
(Rust)
Apr 22, 2026
uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition
High
CVE-2026-35352
was published
for
coreutils
(Rust)
Apr 22, 2026
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Moderate
CVE-2026-22751
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 21, 2026
Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement
Moderate
CVE-2026-3590
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 17, 2026
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
High
CVE-2026-41272
was published
for
flowise
(npm)
Apr 16, 2026
OpenClaw: TOCTOU read in exec script preflight
Low
CVE-2026-43529
was published
for
openclaw
(npm)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API