GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Advisory counts by ecosystem:

| Category | Ecosystem | Advisories |
|---|---|---|
| GitHub reviewed | All reviewed | 5,000+ |
| GitHub reviewed | Composer | 5,000+ |
| GitHub reviewed | Erlang | 46 |
| GitHub reviewed | GitHub Actions | 48 |
| GitHub reviewed | Go | 3,343 |
| GitHub reviewed | Maven | 5,000+ |
| GitHub reviewed | npm | 5,000+ |
| GitHub reviewed | NuGet | 881 |
| GitHub reviewed | pip | 4,550 |
| GitHub reviewed | Pub | 12 |
| GitHub reviewed | RubyGems | 1,013 |
| GitHub reviewed | Rust | 1,203 |
| GitHub reviewed | Swift | 51 |
| Unreviewed | All unreviewed | 5,000+ |
1,806 advisories
| Advisory | Severity | Package (ecosystem) | Published | Title |
|---|---|---|---|---|
| GHSA-4hmj-39m8-jwc7 | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw has ACP CLI approval prompt ANSI escape sequence injection |
| GHSA-j4c9-w69r-cw33 | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State |
| GHSA-mf5g-6r6f-ghhm | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token |
| GHSA-rf6h-5gpw-qrgq | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback |
| GHSA-77w2-crqv-cmv3 | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing |
| GHSA-3h52-cx59-c456 | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation |
| GHSA-52q4-3xjc-6778 | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName |
| GHSA-5jvj-hxmh-6h6j | Moderate | openclaw (npm) | Mar 29, 2026 | OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope |
| GHSA-7fqq-q52p-2jjg | Moderate | OpenCC (npm) | Mar 29, 2026 | OpenCC has an Out-of-bounds read when processing truncated UTF-8 input |
| GHSA-7rx3-28cr-v5wh | Moderate | handlebars (npm) | Mar 29, 2026 | Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry |
| CVE-2026-34210 | Moderate | mppx (npm) | Mar 29, 2026 | mppx has Stripe charge credential replay via missing idempotency check |
| GHSA-vcx4-4qxg-mfp4 | Moderate | openclaw (npm) | Mar 27, 2026 | OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret |
| GHSA-mw7w-g3mg-xqm7 | Moderate | openclaw (npm) | Mar 27, 2026 | OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events |
| GHSA-9wqx-g2cw-vc7r | Moderate | openclaw (npm) | Mar 27, 2026 | OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers |
| GHSA-xq8g-hgh6-87hv | Moderate | openclaw (npm) | Mar 27, 2026 | OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing |
| CVE-2026-4923 | Moderate | path-to-regexp (npm) | Mar 27, 2026 | path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards |
| GHSA-h8r8-wccr-v5f2 | Moderate | dompurify (npm) | Mar 27, 2026 | DOMPurify is vulnerable to mutation-XSS via Re-Contextualization |
| CVE-2026-34043 | Moderate | serialize-javascript (npm) | Mar 27, 2026 | Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects |
| GHSA-364x-8g5j-x2pr | Moderate | n8n (npm) | Mar 27, 2026 | n8n has XSS in its Credential Management Flow |
| GHSA-3c7f-5hgj-h279 | Moderate | n8n (npm) | Mar 27, 2026 | n8n has XSS in Chat Trigger Node through Custom CSS |
| GHSA-w673-8fjw-457c | Moderate | n8n (npm) | Mar 27, 2026 | n8n: Authenticated XSS and Open Redirect via Form Node |
| GHSA-q4fm-pjq6-m63g | Moderate | n8n (npm) | Mar 27, 2026 | n8n has a Stored XSS Vulnerability in its Form Trigger |
| CVE-2026-33994 | Moderate | locutus (npm) | Mar 27, 2026 | Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521 |
| CVE-2026-33993 | Moderate | locutus (npm) | Mar 27, 2026 | Locutus has Prototype Pollution via __proto__ Key Injection in unserialize() |
| CVE-2026-33916 | Moderate | handlebars (npm) | Mar 26, 2026 | Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection |