GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
495 advisories
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local...
Moderate
Unreviewed
CVE-2026-20438 was published Mar 2, 2026
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data...
Low
Unreviewed
CVE-2026-21725 was published Feb 25, 2026
Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit
Moderate
CVE-2026-27128 was published for craftcms/cms (Composer) Feb 23, 2026
Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
High
CVE-2026-27127 was published for craftcms/cms (Composer) Feb 23, 2026
In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races...
Moderate
Unreviewed
CVE-2026-23212 was published Feb 18, 2026
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while...
Moderate
Unreviewed
CVE-2025-71225 was published Feb 18, 2026
Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate
CVE-2026-25738 was published for indico (pip) Feb 17, 2026
Mattermost doesn't properly validate channel membership at the time of data retrieval
Low
CVE-2026-20796 was published for github.com/mattermost/mattermost-server (Go) Feb 13, 2026
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that...
High
Unreviewed
CVE-2026-26224 was published Feb 13, 2026
A race condition was addressed with improved handling of symbolic links. This issue is fixed in...
Critical
Unreviewed
CVE-2026-20677 was published Feb 12, 2026
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow...
High
Unreviewed
CVE-2023-31324 was published Feb 11, 2026
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow...
High
Unreviewed
CVE-2023-20548 was published Feb 11, 2026
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow...
Moderate
Unreviewed
CVE-2024-36311 was published Feb 10, 2026
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized...
High
Unreviewed
CVE-2026-21240 was published Feb 10, 2026
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET...
High
Unreviewed
CVE-2025-13818 was published Feb 6, 2026
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
Critical
CVE-2026-25052 was published for n8n (npm) Feb 4, 2026
It was found that the XPC service offered by the privileged helper of Native Access uses the PID...
Critical
Unreviewed
CVE-2026-24071 was published Feb 2, 2026
miniserve affected by a TOCTOU and symlink race vulnerability
Moderate
CVE-2025-67124 was published for miniserve (Rust) Jan 23, 2026
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10,...
Low
Unreviewed
CVE-2026-22281 was published Jan 22, 2026
Keycloak does not validate and update refresh token usage atomically
Low
CVE-2026-1035 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
High
CVE-2026-23950 was published for tar (npm) Jan 21, 2026
Turbo Frame responses can restore stale session cookies
Low
CVE-2025-66803 was published for @hotwired/turbo (npm) Jan 20, 2026
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC...
Moderate
Unreviewed
CVE-2026-21912 was published Jan 15, 2026
Outray cli is vulnerable to race conditions in tunnels creation
Moderate
CVE-2026-22820 was published for outray (npm) Jan 13, 2026