Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

112 advisories

Loading
mkdir: -m exposes directory with umask perms before chmod (race window) Low
CVE-2026-35353 was published for uu_mkdir (Rust) Jul 6, 2026
parse-server: MFA SMS one-time password accepted twice under concurrent login Low
CVE-2026-43930 was published for parse-server (npm) May 5, 2026
adrgs Credited to adrgs, aisafe-bot, and mtrezza aisafe-bot aisafe-bot
mtrezza mtrezza
Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API Low
CVE-2026-7846 was published for langchain-chatchat (pip) May 5, 2026
Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url Low
CVE-2026-7724 was published for prefect (pip) May 4, 2026
nedlir Credited to nedlir
Telecaster2147 Credited to Telecaster2147
Django has a Race Condition vulnerability Low
CVE-2026-25674 was published for Django (pip) Mar 3, 2026
Turbo Frame responses can restore stale session cookies Low
CVE-2025-66803 was published for @hotwired/turbo (npm) Jan 20, 2026
domchristie Credited to domchristie, packagethief, and samoli packagethief packagethief
samoli samoli
Wasmtime provides unsound API access to a WebAssembly shared linear memory Low
CVE-2025-64345 was published for wasmtime (Rust) Nov 12, 2025
ProTip! Advisories are also available from the GraphQL API