GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
High
CVE-2026-45675
was published
for
open-webui
(pip)
May 14, 2026
Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
Low
CVE-2026-7846
was published
for
langchain-chatchat
(pip)
May 5, 2026
Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url
Low
CVE-2026-7724
was published
for
prefect
(pip)
May 4, 2026
ajenti.plugin.core has race conditions in 2FA
Moderate
CVE-2026-40178
was published
for
ajenti.plugin.core
(pip)
Apr 10, 2026
Django has a Race Condition vulnerability
Low
CVE-2026-25674
was published
for
Django
(pip)
Mar 3, 2026
virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Moderate
CVE-2026-22702
was published
for
virtualenv
(pip)
Jan 13, 2026
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Moderate
CVE-2026-22701
was published
for
filelock
(pip)
Jan 13, 2026
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Moderate
CVE-2025-68146
was published
for
filelock
(pip)
Dec 16, 2025
Agno session state overwrites between different sessions/users
High
CVE-2025-64168
was published
for
agno
(pip)
Oct 31, 2025
Gradio has a race condition in update_root_in_config may redirect user traffic
High
CVE-2024-47870
was published
for
gradio
(pip)
Oct 10, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
WordOps has TOCTOU race condition
Moderate
CVE-2024-34528
was published
for
wordops
(pip)
May 6, 2024
vantage6 vulnerable to a username timing attack on recover password/MFA token
Moderate
CVE-2024-24770
was published
for
vantage6
(pip)
Mar 15, 2024
Apache Airflow exposes arbitrary file content
Moderate
CVE-2022-38170
was published
for
apache-airflow
(pip)
Sep 3, 2022
ansible-runner vulnerable to Race Condition
Moderate
CVE-2021-3702
was published
for
ansible-runner
(pip)
Aug 24, 2022
Uncaught Exception (due to a data race) leads to process termination in Waitress
High
CVE-2022-31015
was published
for
waitress
(pip)
Jun 2, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
High
CVE-2010-3494
was published
for
pyftpdlib
(pip)
May 17, 2022
Zope Object Database Denial of Service vulnerability
Moderate
CVE-2010-3495
was published
for
zodb3
(pip)
May 17, 2022
OpenStack Neutron Race condition vulnerability
Low
CVE-2015-5240
was published
for
neutron
(pip)
May 17, 2022
Radicale is vulnerable to timing oracles and simple bruteforce attacks
High
CVE-2017-8342
was published
for
Radicale
(pip)
May 13, 2022
OpenStack Neutron Race Condition vulnerability
Moderate
CVE-2017-7543
was published
for
neutron
(pip)
May 13, 2022
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Moderate
CVE-2009-5011
was published
for
pyftpdlib
(pip)
May 2, 2022
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Moderate
CVE-2009-5010
was published
for
pyftpdlib
(pip)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API