Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,580
Maven
5,000+
npm
5,000+
NuGet
919
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

581 advisories

Loading
Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false Moderate
CVE-2026-30912 was published for apache-airflow-core (pip) Apr 18, 2026
OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration Moderate
GHSA-qqq7-4hxc-x63c was published for openclaw (npm) Apr 9, 2026
threalwinky Credited to threalwinky
Apache Airflow has an authorization bypass in DagRun wait endpoint Moderate
CVE-2026-34538 was published for apache-airflow (pip) Apr 9, 2026
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling Moderate
GHSA-766v-q9x3-g744 was published for praisonaiagents (pip) Apr 8, 2026
offset Credited to offset
Electron: Named window.open targets not scoped to the opener's browsing context Moderate
CVE-2026-34765 was published for electron (npm) Apr 7, 2026
HO-9 Credited to HO-9 and HanJeouk HanJeouk HanJeouk
SandboxJS: Sandbox Escape via Prop Object Leak in New Handler Moderate
CVE-2026-34217 was published for @nyariv/sandboxjs (npm) Apr 3, 2026
chawdamrunal Credited to chawdamrunal
OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts Moderate
CVE-2026-35658 was published for openclaw (npm) Mar 26, 2026
YLChen-007 Credited to YLChen-007
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference... Moderate Unreviewed
CVE-2025-22444 was published Mar 11, 2026
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly... Moderate Unreviewed
CVE-2026-2297 was published Mar 5, 2026
Skill-scanner Unsecured Network Binding Vulnerability Moderate
CVE-2026-26057 was published for cisco-ai-skill-scanner (pip) Feb 17, 2026
RichardoC Credited to RichardoC and vineethsai7 vineethsai7 vineethsai7
Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to... Moderate Unreviewed
CVE-2026-21528 was published Feb 10, 2026
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) Moderate
CVE-2026-24473 was published for hono (npm) Jan 27, 2026
kilkat Credited to kilkat and JungJoonWoo JungJoonWoo JungJoonWoo
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram... Moderate Unreviewed
CVE-2025-6788 was published Jul 11, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
Software installed and running inside a Guest VM may override Firmware's state and gain access to... Moderate Unreviewed
CVE-2025-46707 was published Jun 27, 2025
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi Credited to markusdlugi
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due... Moderate Unreviewed
CVE-2025-37966 was published May 20, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure... Moderate Unreviewed
CVE-2024-52543 was published Dec 25, 2024
A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of... Moderate Unreviewed
CVE-2024-40725 was published Jul 18, 2024
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks... Moderate Unreviewed
CVE-2024-39553 was published Jul 11, 2024
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web... Moderate Unreviewed
CVE-2024-22333 was published Jun 13, 2024
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface... Moderate Unreviewed
CVE-2024-5313 was published Jun 12, 2024
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning... Moderate Unreviewed
CVE-2023-52700 was published May 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database