GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Improper Request Caching Lookup in the Auth0 Next.js SDK
Moderate
CVE-2025-67490
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK
Low
CVE-2025-67716
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
High
CVE-2026-26316
was published
for
@openclaw/bluebubbles
(npm)
Feb 17, 2026
OpenClaw has a command injection in maintainer clawtributors updater
High
CVE-2026-26323
was published
for
openclaw
(npm)
Feb 18, 2026
Nextcloud Talk allowlist bypass via actor.name display name spoofing
Critical
CVE-2026-28474
was published
for
@openclaw/nextcloud-talk
(npm)
Feb 17, 2026
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
Moderate
CVE-2026-28471
was published
for
openclaw
(npm)
Feb 17, 2026
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Critical
CVE-2026-28446
was published
for
openclaw
(npm)
Feb 17, 2026
OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
High
CVE-2026-28448
was published
for
openclaw
(npm)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API