GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
157 advisories
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
High
CVE-2026-33430
was published
for
briefcase
(pip)
Mar 23, 2026
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Moderate
CVE-2026-32048
was published
for
openclaw
(npm)
Mar 2, 2026
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Moderate
CVE-2026-32704
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 13, 2026
OpenClaw session transcript files were created without forced user-only permissions
Moderate
GHSA-vr7j-g7jv-h5mp
was published
for
openclaw
(npm)
Mar 16, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Critical
CVE-2026-29188
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 4, 2026
Information Disclosure in Guava
Low
CVE-2020-8908
was published
for
com.google.guava:guava
(Maven)
Mar 25, 2021
Kata Container to Guest micro VM privilege escalation
Moderate
CVE-2026-24834
was published
for
github.com/kata-containers/kata-containers/src/runtime
(Go)
Feb 19, 2026
Below has Incorrect Permission Assignment for Critical Resource
High
CVE-2025-27591
was published
for
below
(Rust)
Mar 11, 2025
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High
CVE-2026-0775
was published
for
npm
(npm)
Jan 23, 2026
•
withdrawn
pnpm has Path Traversal via arbitrary file permission modification
Moderate
CVE-2026-24131
was published
for
pnpm
(npm)
Jan 26, 2026
KubeVirt Vulnerable to Arbitrary Host File Read and Write
High
CVE-2025-64324
was published
for
kubevirt.io/kubevirt
(Go)
Nov 7, 2025
ProTip!
Advisories are also available from the
GraphQL API