GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
151,732 advisories
OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Moderate
GHSA-9q36-67vc-rrwg
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw: system.run allow-always persistence included shell-commented payload tails
Moderate
GHSA-9q2p-vc84-2rwm
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw: `operator.write` chat.send could reach admin-only config writes
Moderate
GHSA-hfpr-jhpq-x4rm
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Moderate
GHSA-r6qf-8968-wj9q
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw: Cross-account sender authorization expansion in `/allowlist ... --store` account scoping
Moderate
GHSA-pjvx-rx66-r3fg
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
Moderate
GHSA-3h2q-j2v4-6w5r
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots
Moderate
GHSA-j425-whc4-4jgc
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw's hooks count non-POST requests toward auth lockout
Moderate
GHSA-6rmx-gvvg-vh6j
was published
for
openclaw
(npm)
Mar 9, 2026
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Moderate
CVE-2026-30854
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Moderate
CVE-2026-30850
was published
for
parse-server
(npm)
Mar 9, 2026
Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Moderate
CVE-2026-30848
was published
for
parse-server
(npm)
Mar 9, 2026
Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding
Moderate
CVE-2026-29773
was published
for
github.com/kubewarden/kubewarden-controller
(Go)
Mar 9, 2026
ProTip!
Advisories are also available from the
GraphQL API