Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,376
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,570
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
Parse Server has an MFA single-use token bypass via concurrent authData login requests Low
CVE-2026-34224 was published for parse-server (npm) Mar 29, 2026
offset Credited to offset and mtrezza mtrezza mtrezza
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged... Moderate Unreviewed
CVE-2026-32988 was published Mar 31, 2026
OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable... Moderate Unreviewed
CVE-2026-32921 was published Mar 31, 2026
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge... Moderate Unreviewed
CVE-2026-32977 was published Mar 31, 2026
OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host Moderate
CVE-2026-32043 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer... Moderate Unreviewed
CVE-2026-33574 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to... High Unreviewed
CVE-2026-32979 was published Mar 29, 2026
Handlebars.js has a Property Access Validation Bypass in container.lookup Low
GHSA-442j-39wm-28r2 was published for handlebars (npm) Mar 29, 2026
TinkAnet Credited to TinkAnet
Parse Server: MFA recovery code single-use bypass via concurrent requests Low
CVE-2026-33624 was published for parse-server (npm) Mar 24, 2026
mtrezza Credited to mtrezza and spbavarva spbavarva spbavarva
OpenClaw may have stale policy enforcement for queued node actions Moderate
GHSA-wj55-88gf-x564 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert... Moderate Unreviewed
CVE-2025-71111 was published Jan 14, 2026
In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown... Moderate Unreviewed
CVE-2024-49998 was published Oct 21, 2024
Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host Moderate
GHSA-3p2x-hjxj-c7rv was published for openclaw (npm) Mar 21, 2026 withdrawn
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind High
CVE-2026-28483 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until... High Unreviewed
CVE-2026-23554 was published Mar 23, 2026
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted... Moderate Unreviewed
CVE-2015-1743 was published May 14, 2022
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the... Moderate Unreviewed
CVE-2023-6917 was published Feb 28, 2024
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain... Moderate Unreviewed
CVE-2004-0594 was published Apr 29, 2022
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch... Moderate Unreviewed
CVE-2003-0813 was published Apr 29, 2022
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind High
CVE-2026-31997 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
Parse Server has a password reset token single-use bypass via concurrent requests Low
CVE-2026-32943 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured Moderate
CVE-2026-22181 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Duplicate Advisory: OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind Moderate
GHSA-q86m-697p-h7fh was published for openclaw (npm) Mar 19, 2026 withdrawn
OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that... Moderate Unreviewed
CVE-2026-27670 was published Mar 19, 2026
OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind High
CVE-2026-27545 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database