Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

63 advisories

Loading
install -D: symlink race in directory creation allows arbitrary file overwrite Moderate
CVE-2026-35356 was published for uu_install (Rust) Jul 6, 2026
install: TOCTOU symlink race (unlink-then-create without O_EXCL) allows arbitrary file overwrite Moderate
CVE-2026-35355 was published for uu_install (Rust) Jul 6, 2026
Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding) Moderate
CVE-2026-54242 was published for statamic/cms (Composer) Jun 26, 2026
jqr1449186277 Credited to jqr1449186277
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer Moderate
GHSA-wvrh-2f4m-924v was published for ChatterBot (pip) Jun 19, 2026
AAtomical Credited to AAtomical
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance Moderate
CVE-2026-54777 was published for CoreWCF.NetNamedPipe (NuGet) Jun 19, 2026
Keycloak has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-9796 was published for org.keycloak:keycloak-server (Maven) May 28, 2026
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap Moderate
CVE-2026-41568 was published for github.com/docker/docker (Go) May 18, 2026
manizada Credited to manizada and vvoland vvoland vvoland
Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes Moderate
CVE-2026-42592 was published for github.com/gotenberg/gotenberg/v8 (Go) May 7, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root Moderate
GHSA-6f72-9gxx-98mj was published for openclaw (npm) May 6, 2026 withdrawn
Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes Moderate
GHSA-frr5-j3mh-h9ch was published for openclaw (npm) May 6, 2026 withdrawn
Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding Moderate
GHSA-w7rc-vvgx-pj45 was published for openclaw (npm) May 6, 2026 withdrawn
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes Moderate
CVE-2026-44113 was published for openclaw (npm) May 4, 2026
VladimirEliTokarev Credited to VladimirEliTokarev
OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root Moderate
CVE-2026-44112 was published for openclaw (npm) May 4, 2026
VladimirEliTokarev Credited to VladimirEliTokarev
Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection Moderate
GHSA-cw28-63x4-37c3 was published for openclaw (npm) Apr 24, 2026 withdrawn
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35376 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35374 was published for coreutils (Rust) Apr 22, 2026
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
GHSA-m26v-hjq3-x245 was published for coreutils (Rust) Apr 22, 2026 withdrawn
Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
GHSA-v24v-f45g-w7jf was published for coreutils (Rust) Apr 22, 2026 withdrawn
uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition Moderate
CVE-2026-35354 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35357 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35364 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35360 was published for coreutils (Rust) Apr 22, 2026
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured Moderate
CVE-2026-22751 was published for org.springframework.security:spring-security-core (Maven) Apr 21, 2026
Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement Moderate
CVE-2026-3590 was published for github.com/mattermost/mattermost-server (Go) Apr 17, 2026
ProTip! Advisories are also available from the GraphQL API