Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

168 advisories

Loading
vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out High
CVE-2026-27893 was published for vllm (pip) Mar 27, 2026
Wernerina Credited to Wernerina and russellb russellb russellb
OpenClaw has Inconsistent Host Exec Environment Override Sanitization High
GHSA-39pp-xp36-q6mg was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2026-20701 was published Mar 25, 2026
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack High
CVE-2026-28500 was published for onnx (pip) Mar 16, 2026
ZeroXJacks Credited to ZeroXJacks
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could... High Unreviewed
CVE-2026-0118 was published Mar 10, 2026
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked High
GHSA-wccx-j62j-r448 was published for fickling (pip) Mar 4, 2026
mldangelo Credited to mldangelo
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2... High Unreviewed
CVE-2024-55024 was published Mar 3, 2026
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage... High Unreviewed
CVE-2025-48653 was published Mar 2, 2026
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access... High Unreviewed
CVE-2026-0011 was published Mar 2, 2026
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a... High Unreviewed
CVE-2025-48602 was published Mar 2, 2026
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to... High Unreviewed
CVE-2025-48605 was published Mar 2, 2026
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch... High Unreviewed
CVE-2024-31328 was published Mar 2, 2026
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS... High Unreviewed
CVE-2026-20667 was published Feb 12, 2026
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4,... High Unreviewed
CVE-2025-46290 was published Feb 12, 2026
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2026-21510 was published Feb 10, 2026
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2026-21513 was published Feb 10, 2026
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability... High Unreviewed
CVE-2025-40536 was published Jan 28, 2026
Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox <... High Unreviewed
CVE-2026-24868 was published Jan 27, 2026
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147,... High Unreviewed
CVE-2026-0877 was published Jan 13, 2026
pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default" High
CVE-2025-69264 was published for pnpm (npm) Jan 7, 2026
orenyomtov Credited to orenyomtov
Picklescan Bypasses Unsafe Globals Check using pty.spawn High
GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) Dec 29, 2025
yarienkiva Credited to yarienkiva
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app... High Unreviewed
CVE-2025-46281 was published Dec 17, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An... High Unreviewed
CVE-2025-46291 was published Dec 17, 2025
Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd.... High Unreviewed
CVE-2025-14304 was published Dec 17, 2025
Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability... High Unreviewed
CVE-2025-14302 was published Dec 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database