Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,437
Maven
5,000+
npm
5,000+
NuGet
883
pip
4,695
Pub
13
RubyGems
1,031
Rust
1,222
Swift
53
Unreviewed advisories
All unreviewed
5,000+

55 advisories

Loading
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group... Low Unreviewed
CVE-2026-35617 was published Apr 10, 2026
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that... Low Unreviewed
CVE-2026-35624 was published Apr 10, 2026
An attacker could use data obtained by sniffing the network traffic to forge packets in order to... Critical Unreviewed
CVE-2025-13926 was published Apr 9, 2026
OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic High
GHSA-7ggg-pvrf-458v was published for openclaw (npm) Apr 2, 2026
nexrin Credited to nexrin
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA... Moderate Unreviewed
CVE-2026-29134 was published Apr 2, 2026
OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing High
GHSA-6xg4-82hv-cp6f was published for openclaw (npm) Mar 31, 2026
zpbrent Credited to zpbrent
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Moderate
GHSA-52q4-3xjc-6778 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode... Moderate Unreviewed
CVE-2026-32975 was published Mar 29, 2026
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting High
GHSA-74wf-h43j-vvmj was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash... Moderate Unreviewed
CVE-2019-25621 was published Mar 24, 2026
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to... Moderate Unreviewed
CVE-2019-25594 was published Mar 22, 2026
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the... Moderate Unreviewed
CVE-2019-25544 was published Mar 21, 2026
Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata Moderate
GHSA-rcx4-77x4-hjx5 was published for openclaw (npm) Mar 21, 2026 withdrawn
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Moderate
GHSA-xh9j-mpc9-2m9p was published for openclaw (npm) Mar 21, 2026 withdrawn
Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers Moderate
CVE-2026-29794 was published for code.vikunja.io/api (Go) Mar 20, 2026
alp1n3-dev Credited to alp1n3-dev
Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File High
CVE-2026-33068 was published for @anthropic-ai/claude-code (npm) Mar 19, 2026
OpenClaw's Zalouser allowlist authorization matched mutable group names by default Moderate
GHSA-f5mf-3r52-r83w was published for openclaw (npm) Mar 13, 2026
zpbrent Credited to zpbrent
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions Moderate
CVE-2026-32029 was published for openclaw (npm) Mar 3, 2026
AnthonyDiSanti Credited to AnthonyDiSanti and vincentkoc vincentkoc vincentkoc
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Moderate
CVE-2026-32057 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides) High
CVE-2026-29610 was published for openclaw (npm) Feb 18, 2026
akhmittra Credited to akhmittra
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an... High Unreviewed
CVE-2026-21514 was published Feb 10, 2026
Cube Core is vulnerable to privilege escalation via a specially crafted request High
CVE-2026-25958 was published for @cubejs-backend/server-core (npm) Feb 10, 2026
ovr Credited to ovr
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized... High Unreviewed
CVE-2026-21509 was published Jan 26, 2026
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized... High Unreviewed
CVE-2026-20849 was published Jan 13, 2026
Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF)... Moderate Unreviewed
CVE-2025-65328 was published Jan 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database