Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,022 advisories

Loading
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json High
CVE-2026-25725 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner High
CVE-2025-61917 was published for n8n (npm) Feb 4, 2026
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl High
CVE-2026-25253 was published for clawdbot (npm) Feb 2, 2026
DepthFirstDisclosures 0xacb
mavlevin
Credited to DepthFirstDisclosures, 0xacb, and mavlevin
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) Moderate
CVE-2026-24473 was published for hono (npm) Jan 27, 2026
kilkat JungJoonWoo
Credited to kilkat and JungJoonWoo
In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix... High Unreviewed
CVE-2022-49509 was published Jan 22, 2026
VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier,... High Unreviewed
CVE-2026-23763 was published Jan 22, 2026
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from... Critical Unreviewed
CVE-2025-25176 was published Jan 13, 2026
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that... Critical Unreviewed
CVE-2025-15114 was published Dec 31, 2025
Agno session state overwrites between different sessions/users High
CVE-2025-64168 was published for agno (pip) Oct 31, 2025
JasonLovesDoggo dirkbrnd
Credited to JasonLovesDoggo and dirkbrnd
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix... High Unreviewed
CVE-2023-53392 was published Sep 18, 2025
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in... High Unreviewed
CVE-2025-38670 was published Aug 22, 2025
A vulnerability was identified in Docker Desktop that allows local running Linux containers to... Critical Unreviewed
CVE-2025-9074 was published Aug 20, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel... High Unreviewed
CVE-2025-38521 was published Aug 16, 2025
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram... Moderate Unreviewed
CVE-2025-6788 was published Jul 11, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
Software installed and running inside a Guest VM may override Firmware's state and gain access to... Moderate Unreviewed
CVE-2025-46707 was published Jun 27, 2025
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi
Credited to markusdlugi
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due... Moderate Unreviewed
CVE-2025-37966 was published May 20, 2025
In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack... High Unreviewed
CVE-2025-22069 was published Apr 16, 2025
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
TigerVNC accessible via the network and not just via a UNIX socket as intended Critical
CVE-2025-32428 was published for jupyter-remote-desktop-proxy (pip) Apr 12, 2025
frejanordsiek consideRatio
minrk
Credited to frejanordsiek, consideRatio, and minrk
Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar... Critical Unreviewed
CVE-2025-2857 was published Mar 27, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi
Credited to svghadi
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database