Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

633 advisories

Loading
Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token High
CVE-2026-45720 was published for github.com/siderolabs/omni (Go) Jun 5, 2026
bugbunny-research Credited to bugbunny-research
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix... Moderate Unreviewed
CVE-2026-46159 was published May 28, 2026
Keycloak has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-9796 was published for org.keycloak:keycloak-server (Maven) May 28, 2026
Pterodactyl has a database resource limit bypass via race condition in Client API Low
CVE-2026-35202 was published for pterodactyl/panel (Composer) May 26, 2026
UDPSendToFailed Credited to UDPSendToFailed
Diffusers: TOCTOU Trust Remote Code Bypass High
CVE-2026-45804 was published for diffusers (pip) May 20, 2026
zafido Credited to zafido and gal-zafran gal-zafran gal-zafran
Docker: Race condition in docker cp allows bind mount redirection to host path High
CVE-2026-42306 was published for github.com/docker/docker (Go) May 18, 2026
vvoland Credited to vvoland
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap Moderate
CVE-2026-41568 was published for github.com/docker/docker (Go) May 18, 2026
manizada Credited to manizada and vvoland vvoland vvoland
ProTip! Advisories are also available from the GraphQL API