GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,048 advisories
Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote...
Moderate | Unreviewed | CVE-2026-7971 was published May 6, 2026

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote...
Moderate | Unreviewed | CVE-2026-7977 was published May 6, 2026

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud...
Moderate | Unreviewed | CVE-2026-40001 was published May 6, 2026

An issue that could allow a dashboard configuration to be viewed from outside of the authorized...
Moderate | Unreviewed | CVE-2026-7778 was published May 5, 2026

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1
Moderate | Unreviewed | CVE-2026-1726 was published Apr 23, 2026

In order to apply a particular protection key to an address range, the kernel must update the...
Moderate | Unreviewed | CVE-2026-6386 was published Apr 22, 2026

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150 and...
Moderate | Unreviewed | CVE-2026-6769 was published Apr 21, 2026

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and...
Moderate | Unreviewed | CVE-2026-6761 was published Apr 21, 2026

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in...
Moderate | Unreviewed | CVE-2026-6750 was published Apr 21, 2026

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code...
Moderate | Unreviewed | CVE-2026-29647 was published Apr 20, 2026

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release...
Moderate | Unreviewed | CVE-2026-35154 was published Apr 20, 2026

OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
Moderate | CVE-2026-43534 was published for openclaw (npm) Apr 17, 2026

OpenClaw: Heartbeat owner downgrade missed local async exec completion events
Moderate | GHSA-g375-h3v6-4873 was published for openclaw (npm) Apr 17, 2026

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged...
Moderate | Unreviewed | CVE-2025-70795 was published Apr 17, 2026

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to...
Moderate | Unreviewed | CVE-2026-40002 was published Apr 17, 2026

Improper privilege management in Microsoft Windows allows an authorized attacker to deny service...
Moderate | Unreviewed | CVE-2026-32181 was published Apr 14, 2026

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
Moderate | CVE-2026-39961 was published for github.com/aiven/aiven-operator (Go) Apr 10, 2026

OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval
Moderate | CVE-2026-42426 was published for openclaw (npm) Apr 9, 2026

OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill
Moderate | CVE-2026-41298 was published for openclaw (npm) Apr 7, 2026

OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send
Moderate | CVE-2026-41379 was published for openclaw (npm) Apr 7, 2026

OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls
Moderate | CVE-2026-41330 was published for openclaw (npm) Apr 3, 2026

OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes
Moderate | CVE-2026-41394 was published for openclaw (npm) Apr 2, 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4...
Moderate | Unreviewed | CVE-2026-28889 was published Mar 25, 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2026-20607 was published Mar 25, 2026

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-2375 was published Mar 21, 2026