GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
176 advisories
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
High • CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
PraisonAI Vulnerable Untrusted Remote Template Code Execution
Critical • CVE-2026-40154 was published for PraisonAI (pip) Apr 10, 2026
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel,...
Moderate • Unreviewed • CVE-2024-4359 was published Aug 12, 2024
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
High • Unreviewed • CVE-2026-1342 was published Apr 8, 2026
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
Moderate • GHSA-2qrv-rc5x-2g2h was published for openclaw (npm) Apr 7, 2026
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Moderate • GHSA-42mx-vp8m-j7qh was published for openclaw (npm) Apr 7, 2026
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
High • CVE-2026-32920 was published for openclaw (npm) Mar 13, 2026
Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
High • GHSA-j5qh-5234-4rqp was published for openclaw (npm) Mar 31, 2026 • withdrawn
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High • Unreviewed • CVE-2024-50497 was published Oct 28, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High • Unreviewed • CVE-2024-49243 was published Oct 18, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Moderate • Unreviewed • CVE-2024-35650 was published Jun 10, 2024
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0...
High • Unreviewed • CVE-2026-3991 was published Mar 30, 2026
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
High • CVE-2026-32009 was published for openclaw (npm) Mar 3, 2026
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker...
Moderate • Unreviewed • CVE-2025-55273 was published Mar 26, 2026
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
High • CVE-2026-22217 was published for openclaw (npm) Mar 3, 2026
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms...
High • Unreviewed • CVE-2026-4295 was published Mar 17, 2026
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit)...
High • Unreviewed • CVE-2026-4255 was published Mar 16, 2026
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was...
Critical • Unreviewed • CVE-2025-70046 was published Mar 9, 2026
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal...
High • Unreviewed • CVE-2026-28135 was published Mar 5, 2026
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing...
High • Unreviewed • CVE-2026-28372 was published Feb 27, 2026
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to...
Moderate • Unreviewed • CVE-2026-1628 was published Mar 2, 2026
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and...
High • Unreviewed • CVE-2023-5523 was published Oct 20, 2023
Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde
High • CVE-2026-26974 was published for @tygo-van-den-hurk/slyde (npm) Feb 18, 2026
Langflow affected by Remote Code Execution via validate_code() exec()
High • CVE-2026-0770 was published for langflow (pip) Jan 23, 2026
Embedded malware in ua-parser-js
High • CVE-2021-4229 was published for ua-parser-js (npm) Oct 22, 2021