Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607 Credited to tdunlap607
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
signed-log Credited to signed-log
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj Credited to enj
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Low
CVE-2025-24430 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Low
CVE-2025-24432 was published for magento/community-edition (Composer) Feb 11, 2025
Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46326 was published for Snowflake.Data (NuGet) Apr 28, 2025
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46328 was published for snowflake-sdk (npm) Apr 28, 2025
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen Credited to fitzgen and alexcrichton alexcrichton alexcrichton
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46327 was published for github.com/snowflakedb/gosnowflake (Go) Apr 28, 2025
Turbo Frame responses can restore stale session cookies Low
CVE-2025-66803 was published for @hotwired/turbo (npm) Jan 20, 2026
domchristie Credited to domchristie, packagethief, and samoli packagethief packagethief
samoli samoli
Mattermost doesn't properly validate channel membership at the time of data retrieval Low
CVE-2026-20796 was published for github.com/mattermost/mattermost-server (Go) Feb 13, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model Low
GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Parse Server has a password reset token single-use bypass via concurrent requests Low
CVE-2026-32943 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Parse Server: MFA recovery code single-use bypass via concurrent requests Low
CVE-2026-33624 was published for parse-server (npm) Mar 24, 2026
mtrezza Credited to mtrezza and spbavarva spbavarva spbavarva
Handlebars.js has a Property Access Validation Bypass in container.lookup Low
GHSA-442j-39wm-28r2 was published for handlebars (npm) Mar 29, 2026
TinkAnet Credited to TinkAnet
Parse Server has an MFA single-use token bypass via concurrent authData login requests Low
CVE-2026-34224 was published for parse-server (npm) Mar 29, 2026
offset Credited to offset and mtrezza mtrezza mtrezza
Keycloak does not validate and update refresh token usage atomically Low
CVE-2026-1035 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
OpenClaw may have stale policy enforcement for queued node actions Low
CVE-2026-35648 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
OpenClaw: TOCTOU read in exec script preflight Low
GHSA-gj9q-8w99-mp8j was published for openclaw (npm) Apr 16, 2026
kikayli Credited to kikayli
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database