Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

713 advisories

Loading
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions High
CVE-2026-33430 was published for briefcase (pip) Mar 23, 2026
lrandersson Credited to lrandersson
Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns High
GHSA-wr92-6w3g-2hwc was published for openclaw (npm) Mar 21, 2026 withdrawn
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate... High Unreviewed
CVE-2026-34352 was published Mar 27, 2026
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as... High Unreviewed
CVE-2009-0115 was published May 2, 2022
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure ... High Unreviewed
CVE-2026-24291 was published Mar 10, 2026
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata High
CVE-2026-26929 was published for apache-airflow (pip) Mar 17, 2026
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not... High Unreviewed
CVE-2010-0737 was published Apr 21, 2022
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in... High Unreviewed
CVE-2026-29126 was published Mar 5, 2026
IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local... High Unreviewed
CVE-2026-29125 was published Mar 5, 2026
AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to... High Unreviewed
CVE-2025-14979 was published Jan 6, 2026
iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged... High Unreviewed
CVE-2026-2637 was published Mar 3, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26102 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26101 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26095 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26096 was published Feb 20, 2026
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system... High Unreviewed
CVE-2025-33088 was published Feb 18, 2026
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system... High Unreviewed
CVE-2026-23648 was published Feb 17, 2026
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to... High Unreviewed
CVE-2019-25343 was published Feb 12, 2026
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local... High Unreviewed
CVE-2019-25344 was published Feb 12, 2026
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to... High Unreviewed
CVE-2025-61969 was published Feb 11, 2026
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
mgerstner Credited to mgerstner
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability High
CVE-2026-0775 was published for npm (npm) Jan 23, 2026 withdrawn
Mauripache Credited to Mauripache
express-cart allows any user to create an admin user High
CVE-2018-12457 was published for express-cart (npm) May 13, 2022
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated... High Unreviewed
CVE-2020-36938 was published Jan 27, 2026
IBM Licensing Operator incorrectly assigns privileges to security critical files which could... High Unreviewed
CVE-2025-12985 was published Jan 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database