GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 49; GitHub Actions 50; Go 3,606; Maven 5,000+; npm 5,000+; NuGet 924; pip 4,831; Pub 13; RubyGems 1,045; Rust 1,256; Swift 53
Unreviewed advisories: All unreviewed 5,000+
13,907 advisories
OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in...
Low | Unreviewed | CVE-2026-41362 was published Apr 28, 2026
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to...
Low | Unreviewed | CVE-2025-54505 was published Apr 27, 2026
A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects...
Low | Unreviewed | CVE-2026-7085 was published Apr 27, 2026
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function...
Low | Unreviewed | CVE-2026-7038 was published Apr 26, 2026
OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks
Low | GHSA-j4c5-89f5-f3pm was published for openclaw (npm) Apr 25, 2026
OpenClaw: Paired-device pairing actions were not limited to the caller device
Low | GHSA-xrq9-jm7v-g9h7 was published for openclaw (npm) Apr 25, 2026
OpenClaw: QQBot direct media upload skipped URL SSRF validation
Low | GHSA-c4qg-j8jg-42q5 was published for openclaw (npm) Apr 25, 2026
OpenClaw: Isolated cron awareness events were recorded as trusted system events
Low | GHSA-57r2-h2wj-g887 was published for openclaw (npm) Apr 25, 2026
OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Low | GHSA-v8qf-fr4g-28p2 was published for openclaw (npm) Apr 25, 2026
Kimai has Missing Object-Level Authorization in the Team API
Low | CVE-2026-41498 was published for kimai/kimai (Composer) Apr 24, 2026
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of...
Low | Unreviewed | CVE-2026-31051 was published Apr 24, 2026
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated...
Low | Unreviewed | CVE-2026-4313 was published Apr 24, 2026
OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device...
Low | Unreviewed | CVE-2026-41356 was published Apr 24, 2026
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based...
Low | Unreviewed | CVE-2026-41357 was published Apr 24, 2026
OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non...
Low | Unreviewed | CVE-2026-41358 was published Apr 24, 2026
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The...
Low | Unreviewed | CVE-2026-2708 was published Apr 24, 2026
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that...
Low | Unreviewed | CVE-2026-41341 was published Apr 24, 2026
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when...
Low | Unreviewed | CVE-2026-41347 was published Apr 24, 2026
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command...
Low | Unreviewed | CVE-2026-41348 was published Apr 24, 2026
melange has Path Traversal via .PKGINFO in --persist-lint-results
Low | CVE-2026-29051 was published for chainguard.dev/melange (Go) Apr 23, 2026
Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)
Low | CVE-2026-41321 was published for @astrojs/cloudflare (npm) Apr 23, 2026
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant...
Low | Unreviewed | CVE-2026-41908 was published Apr 23, 2026
The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key...
Low | Unreviewed | CVE-2026-4512 was published Apr 23, 2026
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID...
Low | Unreviewed | CVE-2026-41988 was published Apr 23, 2026
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration...
Low | Unreviewed | CVE-2026-1272 was published Apr 23, 2026
ProTip! Advisories are also available from the GraphQL API