Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
58
GitHub Actions
50
Go
3,799
Maven
5,000+
npm
5,000+
NuGet
938
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,351
Swift
54
Unreviewed advisories
All unreviewed
5,000+

1,503 advisories

Loading
IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local... High Unreviewed
CVE-2026-29125 was published Mar 5, 2026
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in... High Unreviewed
CVE-2026-29126 was published Mar 5, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check Critical
CVE-2026-29188 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 4, 2026
fg0x0 Credited to fg0x0 and hacdias hacdias hacdias
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for... Moderate Unreviewed
CVE-2025-12801 was published Mar 4, 2026
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded... Moderate Unreviewed
CVE-2025-70342 was published Mar 4, 2026
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0... Moderate Unreviewed
CVE-2025-14604 was published Mar 3, 2026
iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged... High Unreviewed
CVE-2026-2637 was published Mar 3, 2026
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns Moderate
CVE-2026-32048 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly... Critical Unreviewed
CVE-2026-21902 was published Feb 25, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26102 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26096 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26101 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26095 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... Moderate Unreviewed
CVE-2026-26100 was published Feb 20, 2026
Kata Container to Guest micro VM privilege escalation Moderate
CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) Feb 19, 2026
kostya-oai Credited to kostya-oai, sprt, fidencio, and stevenhorsman sprt sprt
fidencio fidencio stevenhorsman stevenhorsman
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system... High Unreviewed
CVE-2025-33088 was published Feb 18, 2026
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. Moderate Unreviewed
CVE-2026-1344 was published Feb 18, 2026
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system... High Unreviewed
CVE-2026-23648 was published Feb 17, 2026
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to... High Unreviewed
CVE-2019-25343 was published Feb 12, 2026
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local... High Unreviewed
CVE-2019-25344 was published Feb 12, 2026
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to... High Unreviewed
CVE-2025-61969 was published Feb 11, 2026
Incorrect permission assignment for critical resource for some System Firmware Update Utility ... Moderate Unreviewed
CVE-2025-35999 was published Feb 10, 2026
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in... Moderate Unreviewed
CVE-2025-14740 was published Feb 4, 2026
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended... Moderate Unreviewed
CVE-2025-52627 was published Feb 3, 2026
A security issue has been identified in ibaPDA that could allow unauthorized actions on the file... Critical Unreviewed
CVE-2025-14988 was published Jan 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database