GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
626 advisories
Filter by severity
Kernel software installed and running inside a Host VM may post improper commands to the GPU...
Unknown
Unreviewed
CVE-2026-45203
was published
Jul 10, 2026
varstored is a component of the Xapi toolstack handling UEFI Variables
for a VM. It has a...
Critical
Unreviewed
CVE-2025-58151
was published
Jul 9, 2026
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
High
CVE-2026-53518
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
High
CVE-2026-53517
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
Memory Corruption when processing asynchronous input parameters due to improper handling of...
High
Unreviewed
CVE-2026-25271
was published
Jul 6, 2026
uucore: safe_traversal TOCTOU protection only enabled on Linux
Low
CVE-2026-35362
was published
for
uucore
(Rust)
Jul 6, 2026
mkdir: -m exposes directory with umask perms before chmod (race window)
Low
CVE-2026-35353
was published
for
uu_mkdir
(Rust)
Jul 6, 2026
install -D: symlink race in directory creation allows arbitrary file overwrite
Moderate
CVE-2026-35356
was published
for
uu_install
(Rust)
Jul 6, 2026
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite
Moderate
CVE-2026-35355
was published
for
uu_install
(Rust)
Jul 6, 2026
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an...
High
Unreviewed
CVE-2026-58299
was published
Jul 3, 2026
OpenClaw: Combined POSIX shell options could confuse exec revalidation
High
CVE-2026-53806
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Node pairing reconnection could confuse approval scope state
High
GHSA-83w9-h5wv-j9xm
was published
for
openclaw
(npm)
Jul 2, 2026
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time...
High
Unreviewed
CVE-2026-24260
was published
Jul 1, 2026
Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot...
Moderate
Unreviewed
CVE-2026-14160
was published
Jun 30, 2026
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation...
High
Unreviewed
CVE-2026-57959
was published
Jun 29, 2026
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper...
Moderate
Unreviewed
CVE-2026-13742
was published
Jun 29, 2026
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition...
High
Unreviewed
CVE-2026-54370
was published
Jun 29, 2026
Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding)
Moderate
CVE-2026-54242
was published
for
statamic/cms
(Composer)
Jun 26, 2026
Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy
Low
CVE-2026-49262
was published
for
aimeos/pagible
(Composer)
Jun 26, 2026
In the Linux kernel, the following vulnerability has been resolved:
xsk: cache csum_start...
High
Unreviewed
CVE-2026-53250
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
drm/gem: Try to fix...
High
Unreviewed
CVE-2026-53145
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
sched/psi: fix race between...
High
Unreviewed
CVE-2026-52991
was published
Jun 24, 2026
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
High
CVE-2026-54353
was published
for
@budibase/backend-core
(npm)
Jun 22, 2026
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before...
Low
Unreviewed
CVE-2026-48931
was published
Jun 22, 2026
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a...
High
Unreviewed
CVE-2026-41045
was published
Jun 22, 2026
ProTip!
Advisories are also available from the
GraphQL API