GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
uucore: safe_traversal TOCTOU protection only enabled on Linux
Low
CVE-2026-35362
was published
for
uucore
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-ggc5-46rg-mr4v
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
mkdir: -m exposes directory with umask perms before chmod (race window)
Low
CVE-2026-35353
was published
for
uu_mkdir
(Rust)
Jul 6, 2026
Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
Low
GHSA-vf87-345h-9qhx
was published
for
coreutils
(Rust)
Apr 22, 2026
•
withdrawn
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before...
Low
Unreviewed
CVE-2026-48931
was published
Jun 22, 2026
Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy
Low
CVE-2026-49262
was published
for
aimeos/pagible
(Composer)
Jun 26, 2026
undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
Low
CVE-2026-6733
was published
for
undici
(npm)
Jun 19, 2026
Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
Low
CVE-2026-54327
was published
for
@earendil-works/pi-coding-agent
(npm)
Jun 17, 2026
Pterodactyl has a database resource limit bypass via race condition in Client API
Low
CVE-2026-35202
was published
for
pterodactyl/panel
(Composer)
May 26, 2026
Potential proxy IP restriction bypass in Kubernetes
Low
CVE-2020-8562
was published
for
k8s.io/kubernetes
(Go)
Feb 2, 2022
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Low
CVE-2024-47813
was published
for
wasmtime
(Rust)
Oct 9, 2024
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through...
Low
Unreviewed
CVE-2026-7837
was published
May 21, 2026
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function...
Low
Unreviewed
CVE-2026-5958
was published
Apr 20, 2026
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent...
Low
Unreviewed
CVE-2025-52532
was published
May 15, 2026
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load...
Low
Unreviewed
CVE-2022-23826
was published
May 15, 2026
OpenClaw: TOCTOU read in exec script preflight
Low
CVE-2026-43529
was published
for
openclaw
(npm)
Apr 16, 2026
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR...
Low
Unreviewed
CVE-2023-37867
was published
Nov 30, 2023
OpenClaw may have stale policy enforcement for queued node actions
Low
CVE-2026-35648
was published
for
openclaw
(npm)
Mar 26, 2026
Keycloak does not validate and update refresh token usage atomically
Low
CVE-2026-1035
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
Parse Server has an MFA single-use token bypass via concurrent authData login requests
Low
CVE-2026-34224
was published
for
parse-server
(npm)
Mar 29, 2026
Handlebars.js has a Property Access Validation Bypass in container.lookup
Low
GHSA-442j-39wm-28r2
was published
for
handlebars
(npm)
Mar 29, 2026
Parse Server: MFA recovery code single-use bypass via concurrent requests
Low
CVE-2026-33624
was published
for
parse-server
(npm)
Mar 24, 2026
Parse Server has a password reset token single-use bypass via concurrent requests
Low
CVE-2026-32943
was published
for
parse-server
(npm)
Mar 17, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low
GHSA-7qf6-h84j-8fq4
was published
for
openclaw
(npm)
Mar 3, 2026
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data...
Low
Unreviewed
CVE-2026-21725
was published
Feb 25, 2026
ProTip!
Advisories are also available from the
GraphQL API