GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
532 advisories
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils...
Moderate, Unreviewed. CVE-2026-35376 was published Apr 22, 2026

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils...
Moderate, Unreviewed. CVE-2026-35374 was published Apr 22, 2026

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils...
Moderate, Unreviewed. CVE-2026-35356 was published Apr 22, 2026

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition....
Moderate, Unreviewed. CVE-2026-35357 was published Apr 22, 2026

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU)...
Moderate, Unreviewed. CVE-2026-35360 was published Apr 22, 2026

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils...
Moderate, Unreviewed. CVE-2026-35364 was published Apr 22, 2026

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU)...
Moderate, Unreviewed. CVE-2026-35355 was published Apr 22, 2026

The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to...
Low, Unreviewed. CVE-2026-35362 was published Apr 22, 2026

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by...
Low, Unreviewed. CVE-2026-35353 was published Apr 22, 2026

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils...
Moderate, Unreviewed. CVE-2026-35354 was published Apr 22, 2026

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils...
High, Unreviewed. CVE-2026-35352 was published Apr 22, 2026

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token...
Moderate, Unreviewed. CVE-2026-22751 was published Apr 21, 2026

When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function...
Low, Unreviewed. CVE-2026-5958 was published Apr 20, 2026

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2...
Moderate, Unreviewed. CVE-2026-3590 was published Apr 17, 2026

Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
High. GHSA-2x8m-83vc-6wv4 was published for flowise (npm) Apr 16, 2026

OpenClaw: TOCTOU read in exec script preflight
Low. GHSA-gj9q-8w99-mp8j was published for openclaw (npm) Apr 16, 2026

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member...
Moderate, Unreviewed. CVE-2026-3428 was published Apr 16, 2026

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub...
Moderate, Unreviewed. CVE-2026-1880 was published Apr 16, 2026

Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker...
High, Unreviewed. CVE-2026-27929 was published Apr 14, 2026

OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile
Critical. CVE-2026-41296 was published for openclaw (npm) Apr 3, 2026

OpenClaw: Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses
Moderate. GHSA-rm5c-4rmf-vvhw was published for openclaw (npm) Apr 3, 2026

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows...
High, Unreviewed. CVE-2026-30332 was published Apr 2, 2026

ONNX: TOCTOU arbitrary file read/write in save_external_dat
High. GHSA-q56x-g2fj-4rj6 was published for onnx (pip) Apr 1, 2026

Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Moderate. CVE-2026-34452 was published for anthropic (pip) Apr 1, 2026

Duplicate Advisory: OpenClaw: Sandbox `writeFile` commit could race outside the validated path
Moderate. GHSA-xxj4-96ph-g6j6 was published for openclaw (npm) Mar 31, 2026 • withdrawn