GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
186 advisories
OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that...
Moderate | Unreviewed | CVE-2026-27670 was published Mar 19, 2026

OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0]...
Moderate | Unreviewed | CVE-2026-31997 was published Mar 19, 2026

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races...
Moderate | Unreviewed | CVE-2026-23212 was published Feb 18, 2026

In the Linux kernel, the following vulnerability has been resolved: md: suspend array while...
Moderate | Unreviewed | CVE-2025-71225 was published Feb 18, 2026

OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows
Moderate | CVE-2026-22180 was published for openclaw (npm) Mar 3, 2026

In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and...
Moderate | Unreviewed | CVE-2023-52556 was published Mar 1, 2024

OpenClaw: Sandbox `writeFile` commit could race outside the validated path
Moderate | GHSA-xvx8-77m6-gwg6 was published for openclaw (npm) Mar 13, 2026

OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
Moderate | GHSA-vhwf-4x96-vqx2 was published for openclaw (npm) Mar 12, 2026

OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Moderate | GHSA-8g75-q649-6pv6 was published for openclaw (npm) Mar 12, 2026

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference...
Moderate | Unreviewed | CVE-2025-22850 was published Mar 11, 2026

In MAE, there is a possible out of bounds write due to a race condition. This could lead to local...
Moderate | Unreviewed | CVE-2026-20438 was published Mar 2, 2026

In MDDP, there is a possible system crash due to a race condition. This could lead to local...
Moderate | Unreviewed | CVE-2026-20445 was published Mar 2, 2026

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the...
Moderate | Unreviewed | CVE-2023-6917 was published Feb 28, 2024

Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit
Moderate | CVE-2026-27128 was published for craftcms/cms (Composer) Feb 23, 2026

Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate | CVE-2026-25738 was published for indico (pip) Feb 17, 2026

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow...
Moderate | Unreviewed | CVE-2024-36311 was published Feb 10, 2026

miniserve affected by a TOCTOU and symlink race vulnerability
Moderate | CVE-2025-67124 was published for miniserve (Rust) Jan 23, 2026

Outray cli is vulnerable to race conditions in tunnels creation
Moderate | CVE-2026-22820 was published for outray (npm) Jan 13, 2026

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC...
Moderate | Unreviewed | CVE-2026-21912 was published Jan 15, 2026

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Moderate | CVE-2026-22701 was published for filelock (pip) Jan 13, 2026

In JetBrains dotTrace before 2025.2.5 local privilege escalation possible via race condition
Moderate | Unreviewed | CVE-2025-64457 was published Nov 10, 2025

In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix...
Moderate | Unreviewed | CVE-2025-39713 was published Sep 5, 2025

Memory corruption while processing a config call from userspace.
Moderate | Unreviewed | CVE-2025-47332 was published Jan 7, 2026

Memory corruption while handling sensor utility operations.
Moderate | Unreviewed | CVE-2025-47344 was published Jan 7, 2026

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)
Moderate | CVE-2025-69211 was published for @nestjs/platform-fastify (npm) Dec 30, 2025