Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,489 advisories

Loading
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-41686 was published for @anthropic-ai/sdk (npm) Apr 29, 2026
GNU nano creates the user’s ~/.local directory with overly permissive permissions when the... Low Unreviewed
CVE-2026-40556 was published Apr 28, 2026
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in... Moderate Unreviewed
CVE-2026-41366 was published Apr 28, 2026
uutils coreutils has an Incorrect Permission Assignment for Critical Resource Low
CVE-2026-35367 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils allows unauthorized modification of permissions on existing files High
CVE-2026-35341 was published for coreutils (Rust) Apr 22, 2026
A flaw was found in nano. In environments with permissive umask settings, a local attacker can... Low Unreviewed
CVE-2026-6842 was published Apr 22, 2026
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows... High Unreviewed
CVE-2026-22676 was published Apr 15, 2026
--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: ... Low Unreviewed
CVE-2026-21727 was published Apr 15, 2026
Pyroscope Exposes Storage Secret Critical
CVE-2025-41118 was published for github.com/grafana/pyroscope (Go) Apr 15, 2026
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1... Moderate Unreviewed
CVE-2026-21011 was published Apr 13, 2026
The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have... Moderate Unreviewed
CVE-2026-4482 was published Apr 10, 2026
OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix) Low
CVE-2026-41911 was published for openclaw (npm) Apr 9, 2026
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission... Low Unreviewed
CVE-2026-28264 was published Apr 8, 2026
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts Moderate
GHSA-f693-58pc-2gfr was published for openclaw (npm) Apr 3, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
Local privilege escalation due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2026-33271 was published Apr 2, 2026
Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool Moderate
CVE-2026-34450 was published for anthropic (pip) Apr 1, 2026
gn00295120 Credited to gn00295120
Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical... High Unreviewed
CVE-2026-22768 was published Apr 1, 2026
A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()`... Low Unreviewed
CVE-2026-21715 was published Mar 30, 2026
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate... High Unreviewed
CVE-2026-34352 was published Mar 27, 2026
Mattermost doesn't set permissions on downloaded bulk export Moderate
CVE-2026-3113 was published for github.com/mattermost/mattermost-server (Go) Mar 26, 2026
When a certificate and its private key are installed in the Windows machine certificate store... Low Unreviewed
CVE-2026-4761 was published Mar 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2026-28829 was published Mar 25, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2026-20693 was published Mar 25, 2026
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions High
CVE-2026-33430 was published for briefcase (pip) Mar 23, 2026
lrandersson Credited to lrandersson
Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns High
GHSA-wr92-6w3g-2hwc was published for openclaw (npm) Mar 21, 2026 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database