Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,413
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,656
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

171 advisories

Loading
Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories High
GHSA-j5qh-5234-4rqp was published for openclaw (npm) Mar 31, 2026 withdrawn
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0... High Unreviewed
CVE-2026-3991 was published Mar 30, 2026
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker... Moderate Unreviewed
CVE-2025-55273 was published Mar 26, 2026
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms... High Unreviewed
CVE-2026-4295 was published Mar 17, 2026
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit)... High Unreviewed
CVE-2026-4255 was published Mar 16, 2026
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories High
CVE-2026-32920 was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was... Critical Unreviewed
CVE-2025-70046 was published Mar 9, 2026
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal... High Unreviewed
CVE-2026-28135 was published Mar 5, 2026
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL High
CVE-2026-22217 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`) High
CVE-2026-32009 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to... Moderate Unreviewed
CVE-2026-1628 was published Mar 2, 2026
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing... High Unreviewed
CVE-2026-28372 was published Feb 27, 2026
Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde High
CVE-2026-26974 was published for @tygo-van-den-hurk/slyde (npm) Feb 18, 2026
Tygo-van-den-Hurk Credited to Tygo-van-den-Hurk
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS)... Moderate Unreviewed
CVE-2026-26079 was published Feb 11, 2026
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview... Critical Unreviewed
CVE-2026-1699 was published Jan 30, 2026
Langflow affected by Remote Code Execution via validate_code() exec() High
CVE-2026-0770 was published for langflow (pip) Jan 23, 2026
affix Credited to affix
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation Critical
CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026
chudyPB Credited to chudyPB
FASTJSON Includes Functionality from Untrusted Control Sphere Critical
CVE-2025-70974 was published for com.alibaba:fastjson (Maven) Jan 9, 2026
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows... Moderate Unreviewed
CVE-2020-36924 was published Jan 6, 2026
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the... Moderate Unreviewed
CVE-2020-36905 was published Jan 6, 2026
The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject... Moderate Unreviewed
CVE-2025-67842 was published Dec 19, 2025
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project... Low Unreviewed
CVE-2025-68162 was published Dec 16, 2025
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable. High Unreviewed
CVE-2025-67900 was published Dec 15, 2025
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook Critical
CVE-2025-65964 was published for n8n (npm) Dec 8, 2025
Malayke Credited to Malayke
Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged user to fully elevate... High Unreviewed
CVE-2025-53841 was published Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database