GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,066
Maven: 5,000+
npm: 4,947
NuGet: 825
pip: 4,403
Pub: 12
RubyGems: 988
Rust: 1,151
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
13,400 advisories
Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam...
Low · Unreviewed · CVE-2026-2994 was published Mar 4, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low · GHSA-8mf7-vv8w-hjr2 was published for openclaw (npm) Mar 3, 2026
OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Low · GHSA-v6x2-2qvm-6gv8 was published for openclaw (npm) Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low · GHSA-gcj7-r3hg-m7w6 was published for openclaw (npm) Mar 3, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low · GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) Mar 3, 2026
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Low · GHSA-62f6-mrcj-v8h5 was published for openclaw (npm) Mar 3, 2026
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Low · GHSA-vvgp-4c28-m3jm was published for openclaw (npm) Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy...
Low · Unreviewed · CVE-2026-26887 was published Mar 3, 2026
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in ...
Low · Unreviewed · CVE-2026-26891 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy...
Low · Unreviewed · CVE-2026-26888 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy...
Low · Unreviewed · CVE-2026-26889 was published Mar 3, 2026
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options
Low · GHSA-4mgv-366x-qxvx was published for craftcms/cms (Composer) Mar 3, 2026
aws-kms-tls-auth vulnerable to memory overallocation
Low · GHSA-5whh-4q9j-7v28 was published for aws-kms-tls-auth (Rust) Mar 3, 2026
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a...
Low · Unreviewed · CVE-2023-31044 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in...
Low · Unreviewed · CVE-2026-26883 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy...
Low · Unreviewed · CVE-2026-26890 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in...
Low · Unreviewed · CVE-2026-26884 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in...
Low · Unreviewed · CVE-2026-26885 was published Mar 3, 2026
A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this...
Low · Unreviewed · CVE-2026-3465 was published Mar 3, 2026
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race...
Low · Unreviewed · CVE-2026-25674 was published Mar 3, 2026
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged...
Low · Unreviewed · CVE-2026-20757 was published Mar 3, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Low · GHSA-5ghc-98wh-gwwf was published for openclaw (npm) Mar 2, 2026
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low · GHSA-5f9p-f3w2-fwch was published for openclaw (npm) Mar 2, 2026
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Low · GHSA-wm8r-w8pf-2v6w was published for openclaw (npm) Mar 2, 2026
NocoDB has Plaintext Storage of Shared View Passwords
Low · CVE-2026-28360 was published for nocodb (npm) Mar 2, 2026
ProTip! Advisories are also available from the GraphQL API.