Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,580
Maven
5,000+
npm
5,000+
NuGet
919
pip
4,816
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,485 advisories

Loading
The nohup utility in uutils coreutils creates its default output file, nohup.out, without... Low Unreviewed
CVE-2026-35367 was published Apr 22, 2026
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of... High Unreviewed
CVE-2026-35341 was published Apr 22, 2026
A flaw was found in nano. In environments with permissive umask settings, a local attacker can... Low Unreviewed
CVE-2026-6842 was published Apr 22, 2026
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows... High Unreviewed
CVE-2026-22676 was published Apr 15, 2026
--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: ... Low Unreviewed
CVE-2026-21727 was published Apr 15, 2026
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1... Moderate Unreviewed
CVE-2026-21011 was published Apr 13, 2026
The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have... Moderate Unreviewed
CVE-2026-4482 was published Apr 10, 2026
OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix) Low
GHSA-5fc7-f62m-8983 was published for openclaw (npm) Apr 9, 2026
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission... Low Unreviewed
CVE-2026-28264 was published Apr 8, 2026
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts Moderate
GHSA-f693-58pc-2gfr was published for openclaw (npm) Apr 3, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
Local privilege escalation due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2026-33271 was published Apr 2, 2026
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-34450 was published for anthropic (pip) Apr 1, 2026
gn00295120 Credited to gn00295120
Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical... High Unreviewed
CVE-2026-22768 was published Apr 1, 2026
A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()`... Low Unreviewed
CVE-2026-21715 was published Mar 30, 2026
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate... High Unreviewed
CVE-2026-34352 was published Mar 27, 2026
Mattermost doesn't set permissions on downloaded bulk export Moderate
CVE-2026-3113 was published for github.com/mattermost/mattermost-server (Go) Mar 26, 2026
When a certificate and its private key are installed in the Windows machine certificate store... Low Unreviewed
CVE-2026-4761 was published Mar 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2026-28829 was published Mar 25, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2026-20693 was published Mar 25, 2026
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions High
CVE-2026-33430 was published for briefcase (pip) Mar 23, 2026
lrandersson Credited to lrandersson
Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns High
GHSA-wr92-6w3g-2hwc was published for openclaw (npm) Mar 21, 2026 withdrawn
Apache Airflow: DAG authorization bypass Moderate
CVE-2026-28563 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata High
CVE-2026-26929 was published for apache-airflow (pip) Mar 17, 2026
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file... Moderate Unreviewed
CVE-2026-29516 was published Mar 16, 2026
OpenClaw session transcript files were created without forced user-only permissions Moderate
CVE-2026-33572 was published for openclaw (npm) Mar 16, 2026
hsongkai11 Credited to hsongkai11
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database