GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
472 advisories
OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Moderate | GHSA-6p8r-6m93-557f was published for openclaw (npm) on Apr 3, 2026

OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication
Moderate | GHSA-9528-x887-j2fp was published for openclaw (npm) on Mar 31, 2026

OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk...
Moderate | Unreviewed | CVE-2026-33580 was published on Mar 31, 2026

OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds,...
Moderate | Unreviewed | CVE-2026-34508 was published on Mar 31, 2026

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication,...
Moderate | Unreviewed | CVE-2026-34505 was published on Mar 31, 2026

OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Moderate | GHSA-mf5g-6r6f-ghhm was published for openclaw (npm) on Mar 29, 2026

OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret
Moderate | GHSA-vcx4-4qxg-mfp4 was published for openclaw (npm) on Mar 27, 2026

OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing
Moderate | GHSA-xq8g-hgh6-87hv was published for openclaw (npm) on Mar 27, 2026

AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean Oracle
Moderate | CVE-2026-33763 was published for wwbn/avideo (Composer) on Mar 26, 2026

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting...
High | Unreviewed | CVE-2026-31851 was published on Mar 23, 2026

The WebSocket Application Programming Interface lacks restrictions on the number of...
High | Unreviewed | CVE-2026-31904 was published on Mar 21, 2026

The WebSocket Application Programming Interface lacks restrictions on the number of...
High | Unreviewed | CVE-2026-31903 was published on Mar 21, 2026

MinIO LDAP login brute-force via user enumeration and missing rate limit
Critical | CVE-2026-33419 was published for github.com/minio/minio (Go) on Mar 20, 2026

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess...
Critical | Unreviewed | CVE-2026-32295 was published on Mar 17, 2026

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force...
Critical | Unreviewed | CVE-2026-32292 was published on Mar 17, 2026

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker...
Moderate | Unreviewed | CVE-2025-69246 was published on Mar 16, 2026

OpenClaw: Zalo webhook rate limiting could be bypassed before secret validation
Moderate | GHSA-5m9r-p9g7-679c was published for openclaw (npm) on Mar 13, 2026

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost
Low | CVE-2026-31863 was published for github.com/anyproto/anytype-cli (Go) on Mar 11, 2026

An improper restriction of excessive authentication attempts vulnerability in Fortinet...
Low | Unreviewed | CVE-2026-22629 was published on Mar 10, 2026

Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and...
Critical | Unreviewed | CVE-2025-69615 was published on Mar 10, 2026

OneUptime has WhatsApp Resend Verification Authorization Bypass
Moderate | CVE-2026-30959 was published for @oneuptime/common (npm) on Mar 10, 2026

OpenClaw's hooks count non-POST requests toward auth lockout
Moderate | GHSA-6rmx-gvvg-vh6j was published for openclaw (npm) on Mar 9, 2026

The WebSocket Application Programming Interface lacks restrictions on the number of...
High | Unreviewed | CVE-2026-20882 was published on Mar 6, 2026

The WebSocket Application Programming Interface lacks restrictions on the number of...
High | Unreviewed | CVE-2026-24696 was published on Mar 6, 2026

The WebSocket Application Programming Interface lacks restrictions on the number of...
High | Unreviewed | CVE-2026-27778 was published on Mar 6, 2026
ProTip! Advisories are also available from the GraphQL API.