GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
998 advisories
Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2026-25852 was published Apr 29, 2026

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated...
High | Unreviewed | CVE-2026-7279 was published Apr 28, 2026

OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
Moderate | GHSA-mj59-h3q9-ghfh was published for openclaw (npm) Apr 25, 2026

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp...
High | Unreviewed | CVE-2026-42171 was published Apr 25, 2026

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to...
High | Unreviewed | CVE-2026-32172 was published Apr 24, 2026

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely...
High | Unreviewed | CVE-2026-34488 was published Apr 23, 2026

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak...
Moderate | Unreviewed | CVE-2025-10549 was published Apr 23, 2026

The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and...
High | Unreviewed | CVE-2026-32679 was published Apr 23, 2026

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power...
High | Unreviewed | CVE-2026-5397 was published Apr 17, 2026

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable...
High | Unreviewed | CVE-2026-22619 was published Apr 16, 2026

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that...
High | Unreviewed | CVE-2026-34632 was published Apr 15, 2026

During an internal security assessment, a potential vulnerability was discovered in Lenovo...
High | Unreviewed | CVE-2026-4134 was published Apr 15, 2026

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain...
Moderate | Unreviewed | CVE-2026-1636 was published Apr 15, 2026

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation...
High | Unreviewed | CVE-2026-4158 was published Apr 11, 2026

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This...
High | Unreviewed | CVE-2026-5055 was published Apr 11, 2026

Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the...
High | Unreviewed | CVE-2026-28704 was published Apr 10, 2026

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5...
High | Unreviewed | CVE-2026-30478 was published Apr 9, 2026

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and...
High | Unreviewed | CVE-2026-40031 was published Apr 9, 2026

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security...
High | Unreviewed | CVE-2025-14821 was published Apr 7, 2026

OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides
High | CVE-2026-41373 was published for openclaw (npm) Apr 3, 2026

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2026-28728 was published Apr 2, 2026

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
Moderate | Unreviewed | CVE-2026-27774 was published Apr 2, 2026

The application's update service, when checking for updates, loads certain system libraries from...
High | Unreviewed | CVE-2026-3775 was published Apr 1, 2026

openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification
Moderate | GHSA-j48q-4c78-rhf9 was published for openssl-encrypt (pip) Mar 31, 2026

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe)...
Moderate | Unreviewed | CVE-2026-22561 was published Mar 31, 2026