Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,760
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading High
CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable Untrusted Remote Template Code Execution Critical
CVE-2026-40154 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container... High Unreviewed
CVE-2026-1342 was published Apr 8, 2026
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup Moderate
GHSA-2qrv-rc5x-2g2h was published for openclaw (npm) Apr 7, 2026
zpbrent Credited to zpbrent
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Moderate
GHSA-42mx-vp8m-j7qh was published for openclaw (npm) Apr 7, 2026
tdjackey Credited to tdjackey
Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories High
GHSA-j5qh-5234-4rqp was published for openclaw (npm) Mar 31, 2026 withdrawn
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0... High Unreviewed
CVE-2026-3991 was published Mar 30, 2026
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker... Moderate Unreviewed
CVE-2025-55273 was published Mar 26, 2026
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms... High Unreviewed
CVE-2026-4295 was published Mar 17, 2026
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit)... High Unreviewed
CVE-2026-4255 was published Mar 16, 2026
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories High
CVE-2026-32920 was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was... Critical Unreviewed
CVE-2025-70046 was published Mar 9, 2026
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal... High Unreviewed
CVE-2026-28135 was published Mar 5, 2026
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL High
CVE-2026-22217 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`) High
CVE-2026-32009 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to... Moderate Unreviewed
CVE-2026-1628 was published Mar 2, 2026
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing... High Unreviewed
CVE-2026-28372 was published Feb 27, 2026
Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde High
CVE-2026-26974 was published for @tygo-van-den-hurk/slyde (npm) Feb 18, 2026
Tygo-van-den-Hurk Credited to Tygo-van-den-Hurk
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS)... Moderate Unreviewed
CVE-2026-26079 was published Feb 11, 2026
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview... Critical Unreviewed
CVE-2026-1699 was published Jan 30, 2026
Langflow affected by Remote Code Execution via validate_code() exec() High
CVE-2026-0770 was published for langflow (pip) Jan 23, 2026
affix Credited to affix
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation Critical
CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026
chudyPB Credited to chudyPB
FASTJSON Includes Functionality from Untrusted Control Sphere Critical
CVE-2025-70974 was published for com.alibaba:fastjson (Maven) Jan 9, 2026
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows... Moderate Unreviewed
CVE-2020-36924 was published Jan 6, 2026
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the... Moderate Unreviewed
CVE-2020-36905 was published Jan 6, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database