GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Diffusers: TOCTOU Trust Remote Code Bypass
High
CVE-2026-45804
was published
for
diffusers
(pip)
May 20, 2026
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
Moderate
GHSA-wvrh-2f4m-924v
was published
for
ChatterBot
(pip)
Jun 19, 2026
PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding
High
GHSA-rjvw-7vvw-549v
was published
for
praisonai
(pip)
Jun 18, 2026
ONNX: TOCTOU arbitrary file read/write in save_external_dat
High
GHSA-q56x-g2fj-4rj6
was published
for
onnx
(pip)
Apr 1, 2026
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Moderate
CVE-2026-34452
was published
for
anthropic
(pip)
Apr 1, 2026
Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate
CVE-2026-25738
was published
for
indico
(pip)
Feb 17, 2026
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Moderate
CVE-2026-22701
was published
for
filelock
(pip)
Jan 13, 2026
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Moderate
CVE-2025-68146
was published
for
filelock
(pip)
Dec 16, 2025
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape
High
GHSA-vp47-9734-prjw
was published
for
asteval
(pip)
Jan 23, 2025
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
Apache StreamPipes potentially allows creation of multiple identical accounts
Moderate
CVE-2024-30471
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
Insecure temporary file in Tensorflow
High
CVE-2022-23563
was published
for
tensorflow
(pip)
Feb 9, 2022
B2 Command Line Tool TOCTOU application key disclosure
Moderate
CVE-2022-23653
was published
for
b2
(pip)
Feb 24, 2022
b2-sdk-python TOCTOU application key disclosure
Moderate
CVE-2022-23651
was published
for
b2sdk
(pip)
Feb 24, 2022
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Moderate
CVE-2024-28718
was published
for
magnum
(pip)
Apr 12, 2024
Gradio apps vulnerable to timing attacks to guess password
Moderate
CVE-2024-1729
was published
for
gradio
(pip)
Feb 22, 2024
ProTip!
Advisories are also available from the
GraphQL API