Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

79 advisories

Loading
turso-cli persists Turso platform JWT with world-readable (0o644) file permissions Moderate
CVE-2026-48790 was published for github.com/tursodatabase/turso-cli (Go) Jun 26, 2026
nextflow auth login command has incorrect default permissions Moderate
CVE-2026-48722 was published for io.nextflow:nextflow (Maven) Jun 25, 2026
motionEye's World-Readable Configuration File Exposes Admin Password Hash Moderate
CVE-2026-32315 was published for motioneye (pip) Jun 22, 2026
dimashn04 Credited to dimashn04, 0xLynk, and MichaIng 0xLynk 0xLynk
MichaIng MichaIng
Duplicate Advisory: Config recovery could restore openclaw.json with broad file permissions Moderate
GHSA-vqj9-vhg4-27mg was published for openclaw (npm) Jun 16, 2026 withdrawn
@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json Moderate
CVE-2026-45222 was published for @steipete/summarize (npm) May 11, 2026
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening Moderate
GHSA-cqmh-pcgr-q42f was published for @axonflow/openclaw (npm) May 6, 2026
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-41686 was published for @anthropic-ai/sdk (npm) Apr 29, 2026
gn00295120 Credited to gn00295120
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts Moderate
GHSA-f693-58pc-2gfr was published for openclaw (npm) Apr 3, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-34450 was published for anthropic (pip) Apr 1, 2026
gn00295120 Credited to gn00295120
Mattermost doesn't set permissions on downloaded bulk export Moderate
CVE-2026-3113 was published for github.com/mattermost/mattermost-server (Go) Mar 26, 2026
Apache Airflow: DAG authorization bypass Moderate
CVE-2026-28563 was published for apache-airflow (pip) Mar 17, 2026
OpenClaw session transcript files were created without forced user-only permissions Moderate
CVE-2026-33572 was published for openclaw (npm) Mar 16, 2026
hsongkai11 Credited to hsongkai11
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB Moderate
CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 13, 2026
fg0x0 Credited to fg0x0
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns Moderate
CVE-2026-32048 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
Kata Container to Guest micro VM privilege escalation Moderate
CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) Feb 19, 2026
kostya-oai Credited to kostya-oai, sprt, fidencio, and stevenhorsman sprt sprt
fidencio fidencio stevenhorsman stevenhorsman
pnpm has Path Traversal via arbitrary file permission modification Moderate
CVE-2026-24131 was published for pnpm (npm) Jan 26, 2026
mldangelo Credited to mldangelo
Liferay has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-62251 was published for com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary (Maven) Oct 14, 2025
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-43808 was published for com.liferay.commerce:com.liferay.commerce.product.type.virtual.service (Maven) Sep 19, 2025
Liferay Portal users are able to add system admin portlets to pages Moderate
CVE-2025-43759 was published for com.liferay:com.liferay.layout.impl (Maven) Aug 22, 2025
Apache Hive Incorrectly Assigns Permissions for a Critical Resource Moderate
CVE-2024-29869 was published for org.apache.hive:hive-exec (Maven) Jan 29, 2025
snapd failed to restrict writes to the $HOME/bin path Moderate
CVE-2024-1724 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities Moderate
CVE-2022-24769 was published for github.com/docker/docker (Go) Apr 22, 2024
AndrewGMorgan Credited to AndrewGMorgan
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm Credited to joanbm, AlonZa, and neersighted AlonZa AlonZa
neersighted neersighted
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database