Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

566 advisories

Loading
The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have... Moderate Unreviewed
CVE-2026-4482 was published Apr 10, 2026
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts Moderate
GHSA-f693-58pc-2gfr was published for openclaw (npm) Apr 3, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
Local privilege escalation due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2026-33271 was published Apr 2, 2026
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-34450 was published for anthropic (pip) Apr 1, 2026
gn00295120 Credited to gn00295120
Mattermost doesn't set permissions on downloaded bulk export Moderate
CVE-2026-3113 was published for github.com/mattermost/mattermost-server (Go) Mar 26, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2026-28829 was published Mar 25, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2026-20693 was published Mar 25, 2026
Apache Airflow: DAG authorization bypass Moderate
CVE-2026-28563 was published for apache-airflow (pip) Mar 17, 2026
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file... Moderate Unreviewed
CVE-2026-29516 was published Mar 16, 2026
OpenClaw session transcript files were created without forced user-only permissions Moderate
CVE-2026-33572 was published for openclaw (npm) Mar 16, 2026
hsongkai11 Credited to hsongkai11
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB Moderate
CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 13, 2026
fg0x0 Credited to fg0x0
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control... Moderate Unreviewed
CVE-2025-15037 was published Mar 12, 2026
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get... Moderate Unreviewed
CVE-2025-41712 was published Mar 10, 2026
Sensitive information disclosure due to improper configuration of a headless browser. The... Moderate Unreviewed
CVE-2026-28725 was published Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are... Moderate Unreviewed
CVE-2025-11790 was published Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are... Moderate Unreviewed
CVE-2025-30413 was published Mar 6, 2026
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for... Moderate Unreviewed
CVE-2025-12801 was published Mar 4, 2026
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded... Moderate Unreviewed
CVE-2025-70342 was published Mar 4, 2026
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0... Moderate Unreviewed
CVE-2025-14604 was published Mar 3, 2026
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns Moderate
CVE-2026-32048 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... Moderate Unreviewed
CVE-2026-26100 was published Feb 20, 2026
Kata Container to Guest micro VM privilege escalation Moderate
CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) Feb 19, 2026
kostya-oai Credited to kostya-oai, sprt, fidencio, and stevenhorsman sprt sprt
fidencio fidencio stevenhorsman stevenhorsman
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. Moderate Unreviewed
CVE-2026-1344 was published Feb 18, 2026
Incorrect permission assignment for critical resource for some System Firmware Update Utility ... Moderate Unreviewed
CVE-2025-35999 was published Feb 10, 2026
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in... Moderate Unreviewed
CVE-2025-14740 was published Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database