Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

1,029 advisories

Loading
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference... Moderate Unreviewed
CVE-2025-22444 was published Mar 11, 2026
AVideo: Unauthenticated PHP session store exposed to host network via published memcached port High
CVE-2026-29093 was published for wwbn/avideo (Composer) Mar 5, 2026
bugbunny-research Credited to bugbunny-research
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly... Moderate Unreviewed
CVE-2026-2297 was published Mar 5, 2026
OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations High
GHSA-3jx4-q2m7-r496 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
Dark Reader gives users the ability to request style sheets from local web servers Low
CVE-2025-68467 was published for darkreader (npm) Mar 4, 2026
Skill-scanner Unsecured Network Binding Vulnerability Moderate
CVE-2026-26057 was published for cisco-ai-skill-scanner (pip) Feb 17, 2026
RichardoC Credited to RichardoC and vineethsai7 vineethsai7 vineethsai7
Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to... Moderate Unreviewed
CVE-2026-21528 was published Feb 10, 2026
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json High
CVE-2026-25725 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner High
CVE-2025-61917 was published for n8n (npm) Feb 4, 2026
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl High
CVE-2026-25253 was published for clawdbot (npm) Feb 2, 2026
DepthFirstDisclosures Credited to DepthFirstDisclosures, 0xacb, and mavlevin 0xacb 0xacb
mavlevin mavlevin
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) Moderate
CVE-2026-24473 was published for hono (npm) Jan 27, 2026
kilkat Credited to kilkat and JungJoonWoo JungJoonWoo JungJoonWoo
In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix... High Unreviewed
CVE-2022-49509 was published Jan 22, 2026
VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier,... High Unreviewed
CVE-2026-23763 was published Jan 22, 2026
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from... Critical Unreviewed
CVE-2025-25176 was published Jan 13, 2026
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that... Critical Unreviewed
CVE-2025-15114 was published Dec 31, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
JasonLovesDoggo Credited to JasonLovesDoggo and dirkbrnd dirkbrnd dirkbrnd
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix... High Unreviewed
CVE-2023-53392 was published Sep 18, 2025
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in... High Unreviewed
CVE-2025-38670 was published Aug 22, 2025
A vulnerability was identified in Docker Desktop that allows local running Linux containers to... Critical Unreviewed
CVE-2025-9074 was published Aug 20, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel... High Unreviewed
CVE-2025-38521 was published Aug 16, 2025
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram... Moderate Unreviewed
CVE-2025-6788 was published Jul 11, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
Software installed and running inside a Guest VM may override Firmware's state and gain access to... Moderate Unreviewed
CVE-2025-46707 was published Jun 27, 2025
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi Credited to markusdlugi
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due... Moderate Unreviewed
CVE-2025-37966 was published May 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database