Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,512 advisories

Loading
Incorrect permission assignment for critical resource issue exists in ServerView Agents for... High Unreviewed
CVE-2026-27788 was published Jun 1, 2026
Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through... Critical Unreviewed
CVE-2026-9508 was published May 29, 2026
An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control... High Unreviewed
CVE-2026-7480 was published May 29, 2026
Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to... High Unreviewed
CVE-2026-8070 was published May 29, 2026
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0,... Moderate Unreviewed
CVE-2026-2254 was published May 27, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43290 was published May 27, 2026
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege... High Unreviewed
CVE-2026-25112 was published May 26, 2026
Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free... Moderate Unreviewed
CVE-2026-45246 was published May 18, 2026
Electerm Local code through electerm's single-instance socket Critical
CVE-2026-45353 was published for electerm (npm) May 14, 2026
Curly-Haired-Baboon Credited to Curly-Haired-Baboon
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp... High Unreviewed
CVE-2026-42937 was published May 13, 2026
A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an... High Unreviewed
CVE-2026-41217 was published May 13, 2026
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an... Moderate Unreviewed
CVE-2026-42058 was published May 13, 2026
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh)... High Unreviewed
CVE-2026-41959 was published May 13, 2026
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh)... High Unreviewed
CVE-2026-40462 was published May 13, 2026
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6... High Unreviewed
CVE-2026-8110 was published May 12, 2026
An incorrect permission assignment for critical resource of Ivanti Secure Access Client   before... Moderate Unreviewed
CVE-2026-7431 was published May 12, 2026
A configuration file on the local file system had improper input validation which could allow... Moderate Unreviewed
CVE-2026-1185 was published May 12, 2026
ACAP applications can gain elevated privileges due to improper input validation during the... Moderate Unreviewed
CVE-2026-0541 was published May 12, 2026
@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json Moderate
CVE-2026-45222 was published for @steipete/summarize (npm) May 11, 2026
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening Moderate
GHSA-cqmh-pcgr-q42f was published for @axonflow/openclaw (npm) May 6, 2026
Incorrect permission assignment for a resource in the patch management component of the... High Unreviewed
CVE-2026-41288 was published May 6, 2026
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique... Low Unreviewed
CVE-2026-6499 was published May 4, 2026
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-41686 was published for @anthropic-ai/sdk (npm) Apr 29, 2026
gn00295120 Credited to gn00295120
GNU nano creates the user’s ~/.local directory with overly permissive permissions when the... Low Unreviewed
CVE-2026-40556 was published Apr 28, 2026
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in... Moderate Unreviewed
CVE-2026-41366 was published Apr 28, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database