Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

614 advisories

Loading
ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env High
CVE-2026-47211 was published for ouroboros-ai (pip) May 29, 2026
qerogram Credited to qerogram
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM Moderate
CVE-2026-45792 was published for rtk (Rust) May 20, 2026
afogel Credited to afogel
Turbo: Unexpected local code execution during Yarn Berry detection Low
CVE-2026-45772 was published for @turbo/codemod (npm) May 19, 2026
Algernon: handler.lua discovery walks parent directories above the server root Critical
CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026
Dredsen Credited to Dredsen
Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app... Moderate Unreviewed
CVE-2026-0251 was published May 13, 2026
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow... High Unreviewed
CVE-2026-30906 was published May 13, 2026
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges... Moderate Unreviewed
CVE-2026-42830 was published May 12, 2026
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE Critical
CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) May 11, 2026
mdisec Credited to mdisec
A flaw was found in the OpenShift Container Platform build system. A user with the `edit`... Moderate Unreviewed
CVE-2026-7309 was published Apr 28, 2026
uutils coreutils has an Untrusted Search Path High
CVE-2026-35368 was published for coreutils (Rust) Apr 22, 2026
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows Moderate
CVE-2026-35603 was published for @anthropic-ai/claude-code (npm) Apr 17, 2026
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an... High Unreviewed
CVE-2026-6421 was published Apr 17, 2026
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have... Low Unreviewed
CVE-2026-40947 was published Apr 16, 2026
Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path... High Unreviewed
CVE-2026-27290 was published Apr 15, 2026
PraisonAI Vulnerable to RCE via Automatic tools.py Import High
CVE-2026-40287 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading High
CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking High
CVE-2026-39883 was published for go.opentelemetry.io/otel/sdk (Go) Apr 8, 2026
kodareef5 Credited to kodareef5 and dmathieu dmathieu dmathieu
OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config High
CVE-2026-41384 was published for openclaw (npm) Apr 7, 2026
YLChen-007 Credited to YLChen-007
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0... Critical Unreviewed
CVE-2025-39666 was published Apr 7, 2026
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a... High Unreviewed
CVE-2022-4987 was published Apr 3, 2026
The application's installer runs with elevated privileges but resolves system executables and... High Unreviewed
CVE-2026-3780 was published Apr 1, 2026
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover Critical
CVE-2026-41294 was published for openclaw (npm) Apr 1, 2026
tdjackey Credited to tdjackey
OpenClaw has an Arbitrary Malicious Code Execution Vulnerability High
CVE-2026-35641 was published for openclaw (npm) Mar 30, 2026
ChangeYourWay Credited to ChangeYourWay
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some... High Unreviewed
CVE-2026-4962 was published Mar 27, 2026
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function... High Unreviewed
CVE-2026-4546 was published Mar 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database