GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
590 advisories
turso-cli persists Turso platform JWT with world-readable (0o644) file permissions
Moderate
CVE-2026-48790 was published for github.com/tursodatabase/turso-cli (Go) Jun 26, 2026
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user...
Moderate
Unreviewed
CVE-2026-57924 was published Jun 26, 2026
nextflow auth login command has incorrect default permissions
Moderate
CVE-2026-48722 was published for io.nextflow:nextflow (Maven) Jun 25, 2026
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev)...
Moderate
Unreviewed
CVE-2026-56301 was published Jun 23, 2026
OpenClaw: Config recovery could restore openclaw.json with broad file permissions
Moderate
CVE-2026-53856 was published for openclaw (npm) Jun 18, 2026
Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)
Moderate
CVE-2026-53870 was published for hermes-agent (pip) Jun 17, 2026
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a...
Moderate
Unreviewed
CVE-2025-15642 was published Jun 17, 2026
Nuxt dev server vite-node IPC socket is world-connectable on Linux
Moderate
GHSA-534h-c3cw-v3h9 was published for nuxt (npm) Jun 16, 2026
Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and...
Moderate
Unreviewed
CVE-2026-50255 was published Jun 16, 2026
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose...
Moderate
Unreviewed
CVE-2026-11931 was published Jun 15, 2026
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows...
Moderate
Unreviewed
CVE-2026-8487 was published May 20, 2026
Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could...
Moderate
Unreviewed
CVE-2025-48516 was published May 15, 2026
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when...
Moderate
Unreviewed
CVE-2026-36742 was published May 13, 2026
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local...
Moderate
Unreviewed
CVE-2026-21015 was published May 13, 2026
Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32...
Moderate
Unreviewed
CVE-2026-20718 was published May 12, 2026
Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers...
Moderate
Unreviewed
CVE-2026-21013 was published Apr 13, 2026
A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images...
Moderate
Unreviewed
CVE-2025-57854 was published Apr 8, 2026
A container privilege escalation flaw was found in certain Web Terminal images. This issue stems...
Moderate
Unreviewed
CVE-2025-57853 was published Apr 8, 2026
A container privilege escalation flaw was found in certain Red Hat Process Automation Manager...
Moderate
Unreviewed
CVE-2025-58713 was published Apr 8, 2026
A container privilege escalation flaw was found in certain Ansible Automation Platform images....
Moderate
Unreviewed
CVE-2025-57847 was published Apr 8, 2026
A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes...
Moderate
Unreviewed
CVE-2025-57851 was published Apr 8, 2026
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Moderate
CVE-2026-39398 was published for openclaw-claude-bridge (npm) Apr 8, 2026
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows...
Moderate
Unreviewed
CVE-2025-7024 was published Apr 3, 2026
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
Moderate
CVE-2026-34450 was published for anthropic (pip) Apr 1, 2026
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper...
Moderate
Unreviewed
CVE-2025-15615 was published Mar 27, 2026