GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
161 advisories
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts
Moderate
GHSA-f693-58pc-2gfr
was published
for
openclaw
(npm)
Apr 3, 2026
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
Moderate
CVE-2026-34450
was published
for
anthropic
(pip)
Apr 1, 2026
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
High
CVE-2026-33430
was published
for
briefcase
(pip)
Mar 23, 2026
OpenClaw session transcript files were created without forced user-only permissions
Moderate
CVE-2026-33572
was published
for
openclaw
(npm)
Mar 16, 2026
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Moderate
CVE-2026-32704
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 13, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Critical
CVE-2026-29188
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 4, 2026
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Moderate
CVE-2026-32048
was published
for
openclaw
(npm)
Mar 2, 2026
Kata Container to Guest micro VM privilege escalation
Moderate
CVE-2026-24834
was published
for
github.com/kata-containers/kata-containers/src/runtime
(Go)
Feb 19, 2026
pnpm has Path Traversal via arbitrary file permission modification
Moderate
CVE-2026-24131
was published
for
pnpm
(npm)
Jan 26, 2026
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High
CVE-2026-0775
was published
for
npm
(npm)
Jan 23, 2026
•
withdrawn
KubeVirt Vulnerable to Arbitrary Host File Read and Write
High
CVE-2025-64324
was published
for
kubevirt.io/kubevirt
(Go)
Nov 7, 2025
Dragonfly's directories created via os.MkdirAll are not checked for permissions
Low
CVE-2025-59349
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Fess has Insecure Temporary File Permissions
Low
CVE-2025-48382
was published
for
org.codelibs.fess:fess
(Maven)
May 27, 2025
Below has Incorrect Permission Assignment for Critical Resource
High
CVE-2025-27591
was published
for
below
(Rust)
Mar 11, 2025
@tanstack/form-core prototype pollution
High
CVE-2024-57068
was published
for
@tanstack/form-core
(npm)
Feb 6, 2025
ProTip!
Advisories are also available from the
GraphQL API