Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,471 advisories

Loading
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate... High Unreviewed
CVE-2026-34352 was published Mar 27, 2026
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11... Moderate Unreviewed
CVE-2026-3113 was published Mar 26, 2026
When a certificate and its private key are installed in the Windows machine certificate store... Low Unreviewed
CVE-2026-4761 was published Mar 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2026-28829 was published Mar 25, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2026-20693 was published Mar 25, 2026
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions High
CVE-2026-33430 was published for briefcase (pip) Mar 23, 2026
lrandersson Credited to lrandersson
Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns High
GHSA-wr92-6w3g-2hwc was published for openclaw (npm) Mar 21, 2026 withdrawn
Apache Airflow: DAG authorization bypass Moderate
CVE-2026-28563 was published for apache-airflow (pip) Mar 17, 2026
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata High
CVE-2026-26929 was published for apache-airflow (pip) Mar 17, 2026
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file... Moderate Unreviewed
CVE-2026-29516 was published Mar 16, 2026
OpenClaw session transcript files were created without forced user-only permissions Moderate
GHSA-vr7j-g7jv-h5mp was published for openclaw (npm) Mar 16, 2026
hsongkai11 Credited to hsongkai11
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB Moderate
CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 13, 2026
fg0x0 Credited to fg0x0
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control... Moderate Unreviewed
CVE-2025-15037 was published Mar 12, 2026
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure ... High Unreviewed
CVE-2026-24291 was published Mar 10, 2026
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get... Moderate Unreviewed
CVE-2025-41712 was published Mar 10, 2026
Sensitive information disclosure due to improper configuration of a headless browser. The... Moderate Unreviewed
CVE-2026-28725 was published Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are... Moderate Unreviewed
CVE-2025-11790 was published Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are... Moderate Unreviewed
CVE-2025-30413 was published Mar 6, 2026
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in... High Unreviewed
CVE-2026-29126 was published Mar 5, 2026
IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local... High Unreviewed
CVE-2026-29125 was published Mar 5, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check Critical
CVE-2026-29188 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 4, 2026
fg0x0 Credited to fg0x0 and hacdias hacdias hacdias
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for... Moderate Unreviewed
CVE-2025-12801 was published Mar 4, 2026
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded... Moderate Unreviewed
CVE-2025-70342 was published Mar 4, 2026
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0... Moderate Unreviewed
CVE-2025-14604 was published Mar 3, 2026
iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged... High Unreviewed
CVE-2026-2637 was published Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database