GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,070 advisories
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger...
High • Unreviewed • CVE-2026-56077 was published Jun 19, 2026

PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
High • GHSA-6jcq-6546-qrrw was published for praisonai (pip) Jun 18, 2026

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session...
Low • Unreviewed • CVE-2026-53826 was published Jun 13, 2026

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
High • CVE-2026-54096 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Moderate • CVE-2026-48096 was published for github.com/openfga/openfga (Go) Jun 11, 2026

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author...
Critical • Unreviewed • CVE-2026-42535 was published Jun 8, 2026

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local...
High • Unreviewed • CVE-2025-15653 was published Jun 3, 2026

Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
Moderate • GHSA-7cwm-fpfh-rrch was published for github.com/metal3-io/ironic-standalone-operator (Go) May 29, 2026

NodeVM observability builtins leak host process and HTTP request data
Moderate • CVE-2026-47141 was published for vm2 (npm) May 29, 2026

Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
High • CVE-2026-45077 was published for symfony/monolog-bridge (Composer) May 27, 2026

Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Moderate • CVE-2026-46430 was published for github.com/xyproto/algernon (Go) May 20, 2026

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This...
High • Unreviewed • CVE-2026-8958 was published May 19, 2026

The additional_tables configuration of the page and tt_content indexers accepts arbitrary table...
Moderate • Unreviewed • CVE-2026-46723 was published May 19, 2026

vm2 Has a Sandbox Breakout Using Async Generator
Critical • CVE-2026-45411 was published for vm2 (npm) May 14, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low • Unreviewed • CVE-2026-34094 was published May 11, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low • Unreviewed • CVE-2026-34095 was published May 11, 2026

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
High • CVE-2026-44338 was published for PraisonAI (pip) May 11, 2026

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
High • CVE-2026-44552 was published for open-webui (pip) May 8, 2026

vm2 has Sandbox Breakout Through Null Proto Exception
Critical • CVE-2026-44009 was published for vm2 (npm) May 8, 2026

vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`
Critical • CVE-2026-44008 was published for vm2 (npm) May 8, 2026

vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
Moderate • CVE-2026-44000 was published for vm2 (npm) May 7, 2026

External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
Moderate • CVE-2026-42875 was published for github.com/external-secrets/external-secrets (Go) May 5, 2026

Duplicate Advisory: OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables
High • GHSA-5mh4-3rv3-fpcf was published for openclaw (npm) Apr 28, 2026 • withdrawn

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in...
Low • Unreviewed • CVE-2026-41362 was published Apr 28, 2026

OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq...
High • Unreviewed • CVE-2026-41368 was published Apr 28, 2026