GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
476 advisories

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a...
High | Unreviewed | CVE-2024-23304 was published Feb 6, 2024

electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
High | CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path...
High | Unreviewed | CVE-2026-21333 was published Mar 11, 2026

Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
High | Unreviewed | CVE-2026-25190 was published Mar 10, 2026

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function...
High | Unreviewed | CVE-2026-3787 was published Mar 9, 2026

OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
High | GHSA-g75x-8qqm-2vxp was published for openclaw (npm) Mar 3, 2026

OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind
High | GHSA-q399-23r3-hfx4 was published for openclaw (npm) Mar 2, 2026

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking
High | CVE-2026-24051 was published for go.opentelemetry.io/otel/sdk (Go) Feb 2, 2026

A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file...
High | Unreviewed | CVE-2025-12286 was published Oct 27, 2025

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local...
High | Unreviewed | CVE-2026-2998 was published Feb 23, 2026

A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability...
High | Unreviewed | CVE-2026-2542 was published Feb 16, 2026

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25....
High | Unreviewed | CVE-2026-2538 was published Feb 16, 2026

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit...
High | Unreviewed | CVE-2026-2516 was published Feb 15, 2026

SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
High | CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the...
High | Unreviewed | CVE-2025-15569 was published Feb 10, 2026

A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead...
High | Unreviewed | CVE-2026-0662 was published Feb 4, 2026

During the installation of the Native Access application, a privileged helper `com.native...
High | Unreviewed | CVE-2026-24070 was published Feb 2, 2026

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local...
High | Unreviewed | CVE-2025-12793 was published Jan 6, 2026

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path...
High | Unreviewed | CVE-2026-21280 was published Jan 13, 2026

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
High | Unreviewed | CVE-2026-20943 was published Jan 13, 2026

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.0 allows an...
High | Unreviewed | CVE-2025-12819 was published Dec 3, 2025

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities...
High | Unreviewed | CVE-2019-25257 was published Dec 24, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and...
High | Unreviewed | CVE-2025-64785 was published Dec 9, 2025

Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted...
High | Unreviewed | CVE-2024-12168 was published Jun 2, 2025

The Firefox installer on Windows can be made to load malicious DLL files stored in the same...
High | Unreviewed | CVE-2017-7755 was published May 14, 2022