GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Moderate - GHSA-5h3g-6xhh-rg6p was published for openclaw (npm) - May 4, 2026

OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
High - GHSA-wppj-c6mr-83jj was published for openclaw (npm) - May 4, 2026

OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs
Moderate - GHSA-x3h8-jrgh-p8jx was published for openclaw (npm) - May 4, 2026

OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
High - GHSA-r6xh-pqhr-v4xh was published for openclaw (npm) - May 4, 2026

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
Critical - CVE-2026-41328 was published for github.com/dgraph-io/dgraph (Go) - Apr 24, 2026

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
Critical - CVE-2026-41327 was published for github.com/dgraph-io/dgraph (Go) - Apr 24, 2026

LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions
High - CVE-2026-34070 was published for langchain-core (pip) - Mar 27, 2026

Moby has AuthZ plugin bypass when provided oversized request bodies
High - CVE-2026-34040 was published for github.com/docker/docker (Go) - Mar 27, 2026

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Critical - CVE-2025-68668 was published for n8n (npm) - Dec 26, 2025

LangChain serialization injection vulnerability enables secret extraction
High - CVE-2025-68665 was published for @langchain/core (npm) - Dec 23, 2025

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Critical - CVE-2025-68664 was published for langchain-core (pip) - Dec 23, 2025

LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
High - CVE-2025-67644 was published for langgraph-checkpoint-sqlite (pip) - Dec 10, 2025

ProTip! Advisories are also available from the GraphQL API.