GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
633 advisories
Filter by severity
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0...
High
Unreviewed
CVE-2026-2638
was published
Jun 9, 2026
Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token
High
CVE-2026-45720
was published
for
github.com/siderolabs/omni
(Go)
Jun 5, 2026
SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that...
High
Unreviewed
CVE-2025-41259
was published
Jun 3, 2026
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13...
High
Unreviewed
CVE-2025-64390
was published
Jun 2, 2026
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input...
High
Unreviewed
CVE-2026-25260
was published
Jun 2, 2026
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent...
Moderate
Unreviewed
CVE-2025-59610
was published
Jun 2, 2026
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to...
Moderate
Unreviewed
CVE-2026-20454
was published
Jun 1, 2026
In the Linux kernel, the following vulnerability has been resolved:
sctp: revalidate list cursor...
High
Unreviewed
CVE-2026-46227
was published
May 28, 2026
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix node_cnt race...
Moderate
Unreviewed
CVE-2026-46194
was published
May 28, 2026
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix...
Moderate
Unreviewed
CVE-2026-46159
was published
May 28, 2026
Keycloak has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-9796
was published
for
org.keycloak:keycloak-server
(Maven)
May 28, 2026
In the Linux kernel, the following vulnerability has been resolved:
bpf: Require frozen map for...
Moderate
Unreviewed
CVE-2026-45927
was published
May 27, 2026
Pterodactyl has a database resource limit bypass via race condition in Client API
Low
CVE-2026-35202
was published
for
pterodactyl/panel
(Composer)
May 26, 2026
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time...
High
Unreviewed
CVE-2026-24191
was published
May 26, 2026
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker...
High
Unreviewed
CVE-2026-45208
was published
May 21, 2026
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service...
High
Unreviewed
CVE-2025-71215
was published
May 21, 2026
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism...
High
Unreviewed
CVE-2025-71216
was published
May 21, 2026
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through...
Low
Unreviewed
CVE-2026-7837
was published
May 21, 2026
Undefined behavior may result due to a race condition leading to a use-after-free violation. If...
High
Unreviewed
CVE-2026-5947
was published
May 20, 2026
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...
High
Unreviewed
CVE-2026-29518
was published
May 20, 2026
Diffusers: TOCTOU Trust Remote Code Bypass
High
CVE-2026-45804
was published
for
diffusers
(pip)
May 20, 2026
Docker: Race condition in docker cp allows bind mount redirection to host path
High
CVE-2026-42306
was published
for
github.com/docker/docker
(Go)
May 18, 2026
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Moderate
CVE-2026-41568
was published
for
github.com/docker/docker
(Go)
May 18, 2026
AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`
Moderate
CVE-2026-45619
was published
for
WWBN/AVideo
(Composer)
May 15, 2026
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an...
High
Unreviewed
CVE-2026-41702
was published
May 15, 2026
ProTip!
Advisories are also available from the
GraphQL API