Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,679
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,908
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions Moderate
CVE-2026-35662 was published for openclaw (npm) Mar 26, 2026
space08 Credited to space08
OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion High
CVE-2026-32980 was published for openclaw (npm) Mar 16, 2026
space08 Credited to space08
OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs Moderate
GHSA-xwcj-hwhf-h378 was published for openclaw (npm) Mar 16, 2026
space08 Credited to space08
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database