GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
mkdir: -m exposes directory with umask perms before chmod (race window)
Low
CVE-2026-35353
was published
for
uu_mkdir
(Rust)
Jul 6, 2026
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream...
Low
Unreviewed
CVE-2026-13502
was published
Jun 28, 2026
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function...
Low
Unreviewed
CVE-2026-10565
was published
Jun 2, 2026
Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to...
Low
Unreviewed
CVE-2026-9959
was published
May 29, 2026
A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file...
Low
Unreviewed
CVE-2026-8741
was published
May 17, 2026
Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had...
Low
Unreviewed
CVE-2026-7954
was published
May 6, 2026
parse-server: MFA SMS one-time password accepted twice under concurrent login
Low
CVE-2026-43930
was published
for
parse-server
(npm)
May 5, 2026
Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
Low
CVE-2026-7846
was published
for
langchain-chatchat
(pip)
May 5, 2026
Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url
Low
CVE-2026-7724
was published
for
prefect
(pip)
May 4, 2026
Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user...
Low
Unreviewed
CVE-2026-7351
was published
Apr 29, 2026
UAF vulnerability in the screen management module.
Impact: Successful exploitation of this...
Low
Unreviewed
CVE-2026-34849
was published
Apr 13, 2026
Race condition vulnerability in the notification service.
Impact: Successful exploitation of this...
Low
Unreviewed
CVE-2026-34850
was published
Apr 13, 2026
Race condition vulnerability in the event notification module.
Impact: Successful exploitation of...
Low
Unreviewed
CVE-2026-34851
was published
Apr 13, 2026
OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths
Low
CVE-2026-41913
was published
for
openclaw
(npm)
Apr 9, 2026
In VPU, there is a possible use-after-free read due to a race condition. This could lead to local...
Low
Unreviewed
CVE-2026-0121
was published
Mar 10, 2026
Django has a Race Condition vulnerability
Low
CVE-2026-25674
was published
for
Django
(pip)
Mar 3, 2026
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a...
Low
Unreviewed
CVE-2026-0995
was published
Mar 2, 2026
Turbo Frame responses can restore stale session cookies
Low
CVE-2025-66803
was published
for
@hotwired/turbo
(npm)
Jan 20, 2026
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of...
Low
Unreviewed
CVE-2025-15242
was published
Dec 30, 2025
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2,...
Low
Unreviewed
CVE-2025-43531
was published
Dec 17, 2025
Wasmtime provides unsound API access to a WebAssembly shared linear memory
Low
CVE-2025-64345
was published
for
wasmtime
(Rust)
Nov 12, 2025
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
Low
Unreviewed
CVE-2025-64773
was published
Nov 11, 2025
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
Low
Unreviewed
CVE-2025-64682
was published
Nov 10, 2025
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown...
Low
Unreviewed
CVE-2025-10778
was published
Sep 22, 2025
A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown...
Low
Unreviewed
CVE-2025-10216
was published
Sep 10, 2025
ProTip!
Advisories are also available from the
GraphQL API