GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
187 advisories
CVE-2026-43003 (High, unreviewed), published May 1, 2026: An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python...
CVE-2026-42510 (Moderate, unreviewed), published Apr 28, 2026: OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has...
CVE-2026-6357 (Moderate, unreviewed), published Apr 27, 2026: pip prior to version 26.1 would run self-update check functionality after installing wheel files...
GHSA-mj59-h3q9-ghfh (Moderate), published Apr 25, 2026 for openclaw (npm): OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
CVE-2026-41355 (Moderate, unreviewed), published Apr 24, 2026: OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that...
CVE-2026-41336 (High, unreviewed), published Apr 24, 2026: OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR...
CVE-2026-6859 (High), published Apr 22, 2026 for instructlab (pip): InstructLab Includes Functionality from Untrusted Control Sphere
CVE-2026-41253 (Moderate, unreviewed), published Apr 18, 2026: In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC...
GHSA-939r-rj45-g2rj (High), published Apr 17, 2026 for openclaw (npm): OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
CVE-2026-6482 (High, unreviewed), published Apr 17, 2026: The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation...
CVE-2026-40959 (Critical, unreviewed), published Apr 16, 2026: Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
CVE-2026-40156 (High), published Apr 10, 2026 for praisonai (pip): PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
CVE-2026-40154 (Critical), published Apr 10, 2026 for PraisonAI (pip): PraisonAI Vulnerable Untrusted Remote Template Code Execution
CVE-2026-1342 (High, unreviewed), published Apr 8, 2026: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
CVE-2026-41295 (Moderate), published Apr 7, 2026 for openclaw (npm): OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
GHSA-42mx-vp8m-j7qh (Moderate), published Apr 7, 2026 for openclaw (npm): OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
GHSA-j5qh-5234-4rqp (High, withdrawn), published Mar 31, 2026 for openclaw (npm): Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
CVE-2026-3991 (High, unreviewed), published Mar 30, 2026: Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0...
CVE-2025-55273 (Moderate, unreviewed), published Mar 26, 2026: HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker...
CVE-2026-4295 (High, unreviewed), published Mar 17, 2026: Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms...
CVE-2026-4255 (High, unreviewed), published Mar 16, 2026: A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit)...
CVE-2026-32920 (High), published Mar 13, 2026 for openclaw (npm): OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
CVE-2025-70046 (Critical, unreviewed), published Mar 9, 2026: An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was...
CVE-2026-28135 (High, unreviewed), published Mar 5, 2026: Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal...
CVE-2026-22217 (High), published Mar 3, 2026 for openclaw (npm): OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL