GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
159 advisories
Filter by severity
OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
Critical
CVE-2026-28363
was published
for
openclaw
(npm)
Feb 27, 2026
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame....
High
Unreviewed
CVE-2026-1773
was published
Feb 24, 2026
Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Moderate
GHSA-mhc9-48gj-9gp3
was published
for
fickling
(pip)
Feb 25, 2026
Fickling has a detection bypass via stdlib network-protocol constructors
Low
GHSA-83pf-v6qq-pwmr
was published
for
fickling
(pip)
Feb 20, 2026
FUXA Affected by a Path Traversal Sanitization Bypass
High
CVE-2026-25951
was published
for
fuxa-server
(npm)
Feb 10, 2026
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
High
CVE-2025-67747
was published
for
fickling
(pip)
Dec 15, 2025
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
High
CVE-2026-22609
was published
for
fickling
(pip)
Jan 9, 2026
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
High
CVE-2026-22608
was published
for
fickling
(pip)
Jan 9, 2026
Fickling Blocklist Bypass: cProfile.run()
High
CVE-2026-22607
was published
for
fickling
(pip)
Jan 9, 2026
Fickling has a bypass via runpy.run_path() and runpy.run_module()
High
CVE-2026-22606
was published
for
fickling
(pip)
Jan 9, 2026
libsodium has Incomplete List of Disallowed Inputs
Moderate
CVE-2025-69277
was published
for
PyNaCl
(Composer)
Dec 31, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK
Low
CVE-2025-67716
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online...
High
Unreviewed
CVE-2022-50238
was published
Sep 8, 2025
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit...
High
Unreviewed
CVE-2025-48732
was published
Jul 24, 2025
ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical
Unreviewed
CVE-2024-5217
was published
Jul 10, 2024
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Low
CVE-2025-61924
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow...
Low
Unreviewed
CVE-2025-24388
was published
Jun 16, 2025
A vulnerability exists in the media upload component of the Asset
Suite versions listed below....
Moderate
Unreviewed
CVE-2025-1484
was published
May 30, 2025
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
High
CVE-2025-46417
was published
for
picklescan
(pip)
Apr 7, 2025
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
Moderate
GHSA-4p4h-9gvq-7xfg
was published
for
picklescan
(pip)
Apr 24, 2025
•
withdrawn
Apache Kylin vulnerable to Command injection by Useless configuration
High
CVE-2022-43396
was published
for
org.apache.kylin:kylin
(Maven)
Dec 30, 2022
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Moderate
CVE-2025-1716
was published
for
picklescan
(pip)
Mar 3, 2025
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker...
High
Unreviewed
CVE-2025-29822
was published
Apr 8, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit()
Moderate
GHSA-v7x6-rv5q-mhwc
was published
for
picklescan
(pip)
Apr 7, 2025
ProTip!
Advisories are also available from the
GraphQL API