GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
131,736 advisories
Filter by severity
OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device...
High
Unreviewed
CVE-2026-62218
was published
Jul 17, 2026
OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the...
High
Unreviewed
CVE-2026-62209
was published
Jul 17, 2026
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows...
High
Unreviewed
CVE-2026-62207
was published
Jul 17, 2026
OpenClaw versions before 2026.6.6 contain an environment variable filtering vulnerability in host...
High
Unreviewed
CVE-2026-62203
was published
Jul 17, 2026
OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in...
High
Unreviewed
CVE-2026-62202
was published
Jul 17, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in...
High
Unreviewed
CVE-2026-58598
was published
Jul 17, 2026
A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation...
High
Unreviewed
CVE-2026-53411
was published
Jul 17, 2026
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute...
High
Unreviewed
CVE-2026-59117
was published
Jul 17, 2026
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline...
High
Unreviewed
CVE-2026-57077
was published
Jul 17, 2026
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as...
High
Unreviewed
CVE-2026-57076
was published
Jul 17, 2026
Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an...
High
Unreviewed
CVE-2026-53409
was published
Jul 16, 2026
A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation...
High
Unreviewed
CVE-2026-53410
was published
Jul 16, 2026
SALTO ProAccess Space software using the tenancy feature / logical
partition is vulnerable to a...
High
Unreviewed
CVE-2026-11889
was published
Jul 16, 2026
An out-of-bounds write vulnerability in the Productivity Suite allows a
local attacker to...
High
Unreviewed
CVE-2026-60063
was published
Jul 16, 2026
An out-of-bounds write vulnerability in the Productivity Suite allows a
local attacker to...
High
Unreviewed
CVE-2026-61389
was published
Jul 16, 2026
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL...
High
Unreviewed
CVE-2026-63397
was published
Jul 16, 2026
Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3...
High
Unreviewed
CVE-2024-32386
was published
Jul 16, 2026
EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46...
High
Unreviewed
CVE-2024-34268
was published
Jul 16, 2026
A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS)...
High
Unreviewed
CVE-2026-15352
was published
Jul 16, 2026
ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization
High
GHSA-x8mg-6r4p-87pf
was published
for
com.arcadedb:arcadedb-server
(Maven)
Jul 16, 2026
ArcadeDB: Scripting authorization gate (GHSA-48qw-824m-86pr) bypassed via SQL DEFINE FUNCTION ... LANGUAGE js
High
GHSA-vwjc-v7x7-cm6g
was published
for
com.arcadedb:arcadedb-engine
(Maven)
Jul 16, 2026
ArcadeDB: Trigger scripts run with java.lang.* allowed, enabling OS command execution (RCE)
High
GHSA-x9f9-r4m8-9xc2
was published
for
com.arcadedb:arcadedb-engine
(Maven)
Jul 16, 2026
MCP Python SDK: WebSocket server transport does not support Host/Origin validation
High
CVE-2026-59950
was published
for
mcp
(pip)
Jul 16, 2026
ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read
High
GHSA-48qw-824m-86pr
was published
for
com.arcadedb:arcadedb-server
(Maven)
Jul 16, 2026
Pheditor: Incomplete command sanitization in terminal feature allows RCE via pipe operator, backtick substitution, and newline injection
High
CVE-2026-55578
was published
for
pheditor/pheditor
(Composer)
Jul 16, 2026
ProTip!
Advisories are also available from the
GraphQL API