
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,793 advisories

n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover High
CVE-2026-33665 was published for n8n (npm) Mar 25, 2026
Credited to weblover12, 34selen, B0RI, and Jeon-Ji-Hwan
rubyipmi is vulnerable to OS Command Injection through malicious usernames High
CVE-2026-0980 was published for rubyipmi (RubyGems) Feb 27, 2026
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set High
CVE-2026-1531 was published for foreman_kubevirt (RubyGems) Feb 2, 2026
C2C CI utils is vulnerable to DoS via pyasn dependency (CVE-2026-30922) High
GHSA-wcjx-v2wj-xg87 was published for c2cciutils (pip) Mar 26, 2026
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code High
CVE-2026-33943 was published for happy-dom (npm) Mar 26, 2026
Credited to tndud042713
Ella Core has Privilege Escalation via Database Restore by NetworkManager role High
CVE-2026-33906 was published for github.com/ellanetworks/core (Go) Mar 26, 2026
Credited to offset
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) High
CVE-2026-33896 was published for node-forge (npm) Mar 26, 2026
Credited to peaktwilight
Forge has signature forgery in Ed25519 due to missing S > L check High
CVE-2026-33895 was published for node-forge (npm) Mar 26, 2026
Credited to corbanvilla, dderpym, and soh3e
Forge has signature forgery in RSA-PKCS due to ASN.1 extra field High
CVE-2026-33894 was published for node-forge (npm) Mar 26, 2026
Credited to corbanvilla and dderpym
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input High
CVE-2026-33891 was published for node-forge (npm) Mar 26, 2026
Credited to Kr0emer
Credited to YLChen-007
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting High
GHSA-74wf-h43j-vvmj was published for openclaw (npm) Mar 26, 2026
Credited to zpbrent
OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals High
GHSA-mp66-rf4f-mhh8 was published for openclaw (npm) Mar 26, 2026
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation High
CVE-2026-1530 was published for fog-kubevirt (RubyGems) Feb 2, 2026
OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement High
GHSA-3w6x-gv34-mqpf was published for openclaw (npm) Mar 26, 2026
Credited to tdjackey
OpenClaw has Inconsistent Host Exec Environment Override Sanitization High
GHSA-39pp-xp36-q6mg was published for openclaw (npm) Mar 26, 2026
Credited to zpbrent
Credited to nexrin
OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure High
GHSA-4qwc-c7g9-4xcw was published for openclaw (npm) Mar 26, 2026
Contrast BadAML injection allows arbitrary code execution High
GHSA-g9ww-x58f-9g6m was published for github.com/edgelesssys/contrast (Go) Mar 26, 2026
Credited to katexochen and sespiros
OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface High
GHSA-cxmw-p77q-wchg was published for openclaw (npm) Mar 26, 2026
Credited to cyjhhh
OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper High
GHSA-qm9x-v7cx-7rq4 was published for openclaw (npm) Mar 26, 2026
Credited to YLChen-007
OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement High
GHSA-65h8-27jh-q8wv was published for openclaw (npm) Mar 26, 2026
Credited to kuranikaran
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution. High
GHSA-wv46-v6xc-2qhf was published for openclaw (npm) Mar 26, 2026
Credited to nexrin
OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers High
GHSA-wq58-2pvg-5h4f was published for openclaw (npm) Mar 26, 2026
Credited to smaeljaish771
OpenClaw: Plivo V2 verified replay identity drifts on query-only variants High
GHSA-cg6c-q2hx-69h7 was published for openclaw (npm) Mar 26, 2026
Credited to smaeljaish771