GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,268 advisories
Filter by severity
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')...
High
Unreviewed
CVE-2026-57030
was published
Jul 10, 2026
Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had...
High
Unreviewed
CVE-2026-15119
was published
Jul 9, 2026
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and...
High
Unreviewed
CVE-2026-56297
was published
Jul 8, 2026
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
High
CVE-2026-53518
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
High
CVE-2026-53517
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
mkdir: -m exposes directory with umask perms before chmod (race window)
Low
CVE-2026-35353
was published
for
uu_mkdir
(Rust)
Jul 6, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in...
Moderate
Unreviewed
CVE-2026-55945
was published
Jul 3, 2026
goshs: Share-link ?token=… redemption races past download limit
Moderate
CVE-2026-50139
was published
for
goshs.de/goshs/v2
(Go)
Jul 1, 2026
SurrealDB: HTTP RPC Session Race Condition Allows Privilege Escalation
High
GHSA-4vgr-h27g-cf9p
was published
for
surrealdb
(Rust)
Jul 1, 2026
A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026...
High
Unreviewed
CVE-2026-5120
was published
Jul 1, 2026
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2026-14133
was published
Jul 1, 2026
Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross...
Moderate
Unreviewed
CVE-2026-14082
was published
Jul 1, 2026
Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2026-14015
was published
Jul 1, 2026
Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain...
Moderate
Unreviewed
CVE-2026-13874
was published
Jul 1, 2026
Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to...
Moderate
Unreviewed
CVE-2026-13905
was published
Jul 1, 2026
Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised...
Critical
Unreviewed
CVE-2026-13882
was published
Jul 1, 2026
Paymenter has race condition in payWithCredit() that enables credit double-spend
Moderate
CVE-2026-55219
was published
for
paymenter/paymenter
(Composer)
Jun 30, 2026
A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2...
Moderate
Unreviewed
CVE-2026-43743
was published
Jun 29, 2026
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream...
Low
Unreviewed
CVE-2026-13502
was published
Jun 28, 2026
Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission
High
CVE-2026-48505
was published
for
filament/filament
(Composer)
Jun 25, 2026
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent...
Moderate
Unreviewed
CVE-2026-46732
was published
Jun 25, 2026
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
High
CVE-2026-48708
was published
for
github.com/OliveTin/OliveTin
(Go)
Jun 24, 2026
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
Moderate
CVE-2026-54778
was published
for
CoreWCF.UnixDomainSocket
(NuGet)
Jun 19, 2026
HVM guest I/O port accesses are subject to either emulation or at least
translation. ...
High
Unreviewed
CVE-2026-42487
was published
Jun 18, 2026
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had...
High
Unreviewed
CVE-2026-12468
was published
Jun 17, 2026
ProTip!
Advisories are also available from the
GraphQL API