Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

626 advisories

Loading
Spring Cloud Config Server Susceptible To TOCTOU Attack High
CVE-2026-41002 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 7, 2026
scottfrederick Credited to scottfrederick
Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes Moderate
CVE-2026-42592 was published for github.com/gotenberg/gotenberg/v8 (Go) May 7, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root Moderate
GHSA-6f72-9gxx-98mj was published for openclaw (npm) May 6, 2026 withdrawn
Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes Moderate
GHSA-frr5-j3mh-h9ch was published for openclaw (npm) May 6, 2026 withdrawn
Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding Moderate
GHSA-w7rc-vvgx-pj45 was published for openclaw (npm) May 6, 2026 withdrawn
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes Moderate
CVE-2026-44113 was published for openclaw (npm) May 4, 2026
VladimirEliTokarev Credited to VladimirEliTokarev
OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root Moderate
CVE-2026-44112 was published for openclaw (npm) May 4, 2026
VladimirEliTokarev Credited to VladimirEliTokarev
Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection Moderate
GHSA-cw28-63x4-37c3 was published for openclaw (npm) Apr 24, 2026 withdrawn
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35376 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35374 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition High
CVE-2026-35352 was published for coreutils (Rust) Apr 22, 2026
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
GHSA-m26v-hjq3-x245 was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
GHSA-v24v-f45g-w7jf was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
GHSA-vf87-345h-9qhx was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
GHSA-ggc5-46rg-mr4v was published for coreutils (Rust) Apr 22, 2026 withdrawn
uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
CVE-2026-35354 was published for coreutils (Rust) Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API