GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
uucore: safe_traversal TOCTOU protection only enabled on Linux
Low
CVE-2026-35362
was published
for
uucore
(Rust)
Jul 6, 2026
mkdir: -m exposes directory with umask perms before chmod (race window)
Low
CVE-2026-35353
was published
for
uu_mkdir
(Rust)
Jul 6, 2026
Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy
Low
CVE-2026-49262
was published
for
aimeos/pagible
(Composer)
Jun 26, 2026
undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
Low
CVE-2026-6733
was published
for
undici
(npm)
Jun 19, 2026
Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
Low
CVE-2026-54327
was published
for
@earendil-works/pi-coding-agent
(npm)
Jun 17, 2026
Pterodactyl has a database resource limit bypass via race condition in Client API
Low
CVE-2026-35202
was published
for
pterodactyl/panel
(Composer)
May 26, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-vf87-345h-9qhx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-ggc5-46rg-mr4v
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
OpenClaw: TOCTOU read in exec script preflight
Low
CVE-2026-43529
was published
for
openclaw
(npm)
Apr 16, 2026
Parse Server has an MFA single-use token bypass via concurrent authData login requests
Low
CVE-2026-34224
was published
for
parse-server
(npm)
Mar 29, 2026
Handlebars.js has a Property Access Validation Bypass in container.lookup
Low
GHSA-442j-39wm-28r2
was published
for
handlebars
(npm)
Mar 29, 2026
OpenClaw may have stale policy enforcement for queued node actions
Low
CVE-2026-35648
was published
for
openclaw
(npm)
Mar 26, 2026
Parse Server: MFA recovery code single-use bypass via concurrent requests
Low
CVE-2026-33624
was published
for
parse-server
(npm)
Mar 24, 2026
Parse Server has a password reset token single-use bypass via concurrent requests
Low
CVE-2026-32943
was published
for
parse-server
(npm)
Mar 17, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low
GHSA-7qf6-h84j-8fq4
was published
for
openclaw
(npm)
Mar 3, 2026
Mattermost doesn't properly validate channel membership at the time of data retrieval
Low
CVE-2026-20796
was published
for
github.com/mattermost/mattermost-server
(Go)
Feb 13, 2026
Keycloak does not validate and update refresh token usage atomically
Low
CVE-2026-1035
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
Turbo Frame responses can restore stale session cookies
Low
CVE-2025-66803
was published
for
@hotwired/turbo
(npm)
Jan 20, 2026
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Low
CVE-2025-46328
was published
for
snowflake-sdk
(npm)
Apr 28, 2025
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Low
CVE-2025-46327
was published
for
github.com/snowflakedb/gosnowflake
(Go)
Apr 28, 2025
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
Low
CVE-2025-46326
was published
for
Snowflake.Data
(NuGet)
Apr 28, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Low
CVE-2025-24430
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Low
CVE-2025-24432
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Low
CVE-2024-47813
was published
for
wasmtime
(Rust)
Oct 9, 2024
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
ProTip!
Advisories are also available from the
GraphQL API