Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

1,070 advisories

Loading
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl High
CVE-2026-25253 was published for clawdbot (npm) Feb 2, 2026
DepthFirstDisclosures Credited to DepthFirstDisclosures, 0xacb, and mavlevin 0xacb 0xacb
mavlevin mavlevin
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) Moderate
CVE-2026-24473 was published for hono (npm) Jan 27, 2026
kilkat Credited to kilkat and JungJoonWoo JungJoonWoo JungJoonWoo
In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix... High Unreviewed
CVE-2022-49509 was published Jan 22, 2026
VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier,... High Unreviewed
CVE-2026-23763 was published Jan 22, 2026
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from... Critical Unreviewed
CVE-2025-25176 was published Jan 13, 2026
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that... Critical Unreviewed
CVE-2025-15114 was published Dec 31, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
JasonLovesDoggo Credited to JasonLovesDoggo and dirkbrnd dirkbrnd dirkbrnd
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix... High Unreviewed
CVE-2023-53392 was published Sep 18, 2025
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in... High Unreviewed
CVE-2025-38670 was published Aug 22, 2025
A vulnerability was identified in Docker Desktop that allows local running Linux containers to... Critical Unreviewed
CVE-2025-9074 was published Aug 20, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel... High Unreviewed
CVE-2025-38521 was published Aug 16, 2025
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram... Moderate Unreviewed
CVE-2025-6788 was published Jul 11, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
Software installed and running inside a Guest VM may override Firmware's state and gain access to... Moderate Unreviewed
CVE-2025-46707 was published Jun 27, 2025
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi Credited to markusdlugi
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due... Moderate Unreviewed
CVE-2025-37966 was published May 20, 2025
In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack... High Unreviewed
CVE-2025-22069 was published Apr 16, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
TigerVNC accessible via the network and not just via a UNIX socket as intended Critical
CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) Apr 12, 2025
frejanordsiek Credited to frejanordsiek, consideRatio, and minrk consideRatio consideRatio
minrk minrk
Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar... Critical Unreviewed
CVE-2025-2857 was published Mar 27, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi Credited to svghadi
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries... High Unreviewed
CVE-2024-57838 was published Jan 11, 2025
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure... Moderate Unreviewed
CVE-2024-52543 was published Dec 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database