GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
633 advisories
Filter by severity
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent...
Low
Unreviewed
CVE-2025-52532
was published
May 15, 2026
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load...
Low
Unreviewed
CVE-2022-23826
was published
May 15, 2026
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU...
Moderate
Unreviewed
CVE-2026-41051
was published
May 13, 2026
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate...
High
Unreviewed
CVE-2026-35418
was published
May 12, 2026
Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU...
High
Unreviewed
CVE-2026-34354
was published
May 8, 2026
n8n-mcp webhook and API client paths has an authenticated SSRF
High
CVE-2026-44694
was published
for
n8n-mcp
(npm)
May 8, 2026
Due to multiple time-of-check time-of-use race conditions in the resource count check and...
Moderate
Unreviewed
CVE-2025-69233
was published
May 8, 2026
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver...
High
Unreviewed
CVE-2022-26522
was published
May 8, 2026
Spring Cloud Config Server Susceptible To TOCTOU Attack
High
CVE-2026-41002
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 7, 2026
Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes
Moderate
CVE-2026-42592
was published
for
github.com/gotenberg/gotenberg/v8
(Go)
May 7, 2026
Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
Moderate
GHSA-6f72-9gxx-98mj
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate
GHSA-frr5-j3mh-h9ch
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
Moderate
GHSA-w7rc-vvgx-pj45
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP...
Moderate
Unreviewed
CVE-2026-6180
was published
May 5, 2026
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config...
High
Unreviewed
CVE-2026-7791
was published
May 5, 2026
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate
CVE-2026-44113
was published
for
openclaw
(npm)
May 4, 2026
OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
Moderate
CVE-2026-44112
was published
for
openclaw
(npm)
May 4, 2026
Memory corruption while creating a process on the digital signal processor due to allocation...
High
Unreviewed
CVE-2025-47407
was published
May 4, 2026
In the Linux kernel, the following vulnerability has been resolved:
xfs: close crash window in...
Moderate
Unreviewed
CVE-2026-43053
was published
May 1, 2026
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel...
High
Unreviewed
CVE-2026-31678
was published
Apr 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
smb: client: make use of...
Moderate
Unreviewed
CVE-2026-31535
was published
Apr 24, 2026
OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to...
Moderate
Unreviewed
CVE-2026-41360
was published
Apr 24, 2026
Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection
Moderate
GHSA-cw28-63x4-37c3
was published
for
openclaw
(npm)
Apr 24, 2026
•
withdrawn
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file...
Moderate
Unreviewed
CVE-2026-41338
was published
Apr 24, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2026-35376
was published
for
coreutils
(Rust)
Apr 22, 2026
ProTip!
Advisories are also available from the
GraphQL API