GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 41; GitHub Actions 42; Go 3,123; Maven 5,000+; npm 5,000+; NuGet 826; pip 4,431; Pub 12; RubyGems 988; Rust 1,171; Swift 50
Unreviewed advisories: All unreviewed 5,000+
10,275 advisories
OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage
High | GHSA-rchv-x836-w7xp was published for openclaw (npm) | Mar 9, 2026
Glances Exposes Unauthenticated Configuration Secrets
High | CVE-2026-30928 was published for glances (pip) | Mar 9, 2026
FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
High | CVE-2026-30933 was published for github.com/gtsteffaniak/filebrowser/backend (Go) | Mar 9, 2026
Shescape has possible misidentification of shell due to link chains
Low | CVE-2026-30916 was published for shescape (npm) | Mar 7, 2026
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Critical | CVE-2026-30869 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 7, 2026
Caddy's vars_regexp double-expands user input, leaking env vars and files
Moderate | CVE-2026-30852 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp (Go) | Mar 6, 2026
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2589 was published | Mar 6, 2026
Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint
Moderate | GHSA-jc5m-wrp2-qq38 was published for flowise (npm) | Mar 5, 2026
Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure
High | CVE-2026-30244 was published for plane (pip) | Mar 5, 2026
mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint
Moderate | CVE-2026-29787 was published for mcp-memory-service (pip) | Mar 5, 2026
OliveTin doesn't check view permission when returning dashboards
Moderate | CVE-2026-30233 was published for github.com/OliveTin/OliveTin (Go) | Mar 5, 2026
Gokapi has Data Leak in Upload Status Stream
Moderate | CVE-2026-28682 was published for github.com/forceu/gokapi (Go) | Mar 5, 2026
OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection
Moderate | GHSA-jjgj-cpp9-cvpv was published for openclaw (npm) | Mar 4, 2026
OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images
Moderate | GHSA-q6qf-4p5j-r25g was published for openclaw (npm) | Mar 4, 2026
Dark Reader gives users the ability to request style sheets from local web servers
Low | CVE-2025-68467 was published for darkreader (npm) | Mar 4, 2026
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate | Unreviewed | CVE-2026-3058 was published | Mar 4, 2026
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without...
Moderate | Unreviewed | CVE-2026-2747 was published | Mar 4, 2026
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API...
High | Unreviewed | CVE-2026-2025 was published | Mar 4, 2026
The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing...
Moderate | Unreviewed | CVE-2026-1980 was published | Mar 4, 2026
OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs
High | GHSA-9f72-qcpw-2hxc was published for openclaw (npm) | Mar 3, 2026
Rancher doesn't properly sanitize credentials in cluster template answers
Critical | CVE-2021-36783 was published for github.com/rancher/rancher (Go) | Mar 3, 2026
OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Moderate | GHSA-6g25-pc82-vfwp was published for openclaw (npm) | Mar 3, 2026
OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
High | GHSA-fqcm-97m6-w7rm was published for openclaw (npm) | Mar 2, 2026
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error...
Moderate | Unreviewed | CVE-2025-48642 was published | Mar 2, 2026
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of...
Moderate | Unreviewed | CVE-2026-0005 was published | Mar 2, 2026
ProTip! Advisories are also available from the GraphQL API.