Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

12,313 advisories

Loading
OpenClaw has ACP CLI approval prompt ANSI escape sequence injection Moderate
GHSA-4hmj-39m8-jwc7 was published for openclaw (npm) Mar 29, 2026
nexrin Credited to nexrin
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Moderate
GHSA-j4c9-w69r-cw33 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token Moderate
GHSA-mf5g-6r6f-ghhm was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback Moderate
GHSA-rf6h-5gpw-qrgq was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing Moderate
GHSA-77w2-crqv-cmv3 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation Moderate
GHSA-3h52-cx59-c456 was published for openclaw (npm) Mar 29, 2026
tdjackey Credited to tdjackey
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Moderate
GHSA-52q4-3xjc-6778 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope Moderate
GHSA-5jvj-hxmh-6h6j was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure Moderate
CVE-2026-3190 was published for org.keycloak:keycloak-model-jpa (Maven) Mar 26, 2026
Keycloak: manage-clients permission escalates to full realm admin access Moderate
CVE-2026-3121 was published for org.keycloak:keycloak-services (Maven) Mar 26, 2026
AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications Moderate
CVE-2026-34247 was published for wwbn/avideo (Composer) Mar 29, 2026
offset Credited to offset
AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking Moderate
CVE-2026-34245 was published for wwbn/avideo (Composer) Mar 29, 2026
offset Credited to offset
OpenCC has an Out-of-bounds read when processing truncated UTF-8 input Moderate
GHSA-7fqq-q52p-2jjg was published for OpenCC (npm) Mar 29, 2026
Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry Moderate
GHSA-7rx3-28cr-v5wh was published for handlebars (npm) Mar 29, 2026
TinkAnet Credited to TinkAnet
mppx has Stripe charge credential replay via missing idempotency check Moderate
CVE-2026-34210 was published for mppx (npm) Mar 29, 2026
samczsun Credited to samczsun and veria-labs veria-labs veria-labs
Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted Moderate
CVE-2025-69198 was published for pterodactyl/panel (Composer) Jan 20, 2026
vsevolodmelnyk Credited to vsevolodmelnyk and hymaxo hymaxo hymaxo
OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret Moderate
GHSA-vcx4-4qxg-mfp4 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Moderate
GHSA-mw7w-g3mg-xqm7 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers Moderate
GHSA-9wqx-g2cw-vc7r was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing Moderate
GHSA-xq8g-hgh6-87hv was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards Moderate
CVE-2026-4923 was published for path-to-regexp (npm) Mar 27, 2026
blakeembrey Credited to blakeembrey and UlisesGascon UlisesGascon UlisesGascon
Kirby CMS has Persistent DoS via Malformed Image Upload Moderate
CVE-2026-29905 was published for getkirby/cms (Composer) Mar 27, 2026
Stalin-143 Credited to Stalin-143
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching Moderate
CVE-2026-33248 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing Moderate
CVE-2026-33223 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
NATS JetStream has an authorization bypass through its Management API Moderate
CVE-2026-33222 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database