Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
58
GitHub Actions
50
Go
3,791
Maven
5,000+
npm
5,000+
NuGet
938
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,349
Swift
54
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
SillyTavern has Authentication Bypass via SSO Header Injection Critical
CVE-2026-44649 was published for sillytavern (npm) May 12, 2026
kirakira-dev Credited to kirakira-dev
Bandit trusts client-supplied URI scheme on plaintext connections Moderate
CVE-2026-39807 was published for bandit (Erlang) May 7, 2026
PJUllrich Credited to PJUllrich, mtrudel, and maennchen mtrudel mtrudel
maennchen maennchen
A vulnerability in the browser-based remote management interface may allow an administrator to... Moderate Unreviewed
CVE-2026-1789 was published Apr 24, 2026
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized... Moderate Unreviewed
CVE-2026-0390 was published Apr 14, 2026
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local... Moderate Unreviewed
CVE-2019-25711 was published Apr 12, 2026
Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens Low
GHSA-5f7h-p83x-5vc2 was published for openclaw (npm) Apr 10, 2026 withdrawn
Duplicate Advisory: OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Low
GHSA-j42q-r6qx-xrfp was published for openclaw (npm) Apr 10, 2026 withdrawn
An attacker could use data obtained by sniffing the network traffic to forge packets in order to... Critical Unreviewed
CVE-2025-13926 was published Apr 9, 2026
OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled Moderate
CVE-2026-41403 was published for openclaw (npm) Apr 3, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic High
CVE-2026-41391 was published for openclaw (npm) Apr 2, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA... Moderate Unreviewed
CVE-2026-29134 was published Apr 2, 2026
OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing High
CVE-2026-41299 was published for openclaw (npm) Mar 31, 2026
zpbrent Credited to zpbrent
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Low
CVE-2026-35617 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode... Moderate Unreviewed
CVE-2026-32975 was published Mar 29, 2026
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting Moderate
CVE-2026-35655 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens Low
CVE-2026-35624 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution. Moderate
CVE-2026-35670 was published for openclaw (npm) Mar 26, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash... Moderate Unreviewed
CVE-2019-25621 was published Mar 24, 2026
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to... Moderate Unreviewed
CVE-2019-25594 was published Mar 22, 2026
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the... Moderate Unreviewed
CVE-2019-25544 was published Mar 21, 2026
Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata Moderate
GHSA-rcx4-77x4-hjx5 was published for openclaw (npm) Mar 21, 2026 withdrawn
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Moderate
GHSA-xh9j-mpc9-2m9p was published for openclaw (npm) Mar 21, 2026 withdrawn
Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers Moderate
CVE-2026-29794 was published for code.vikunja.io/api (Go) Mar 20, 2026
alp1n3-dev Credited to alp1n3-dev
Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File High
CVE-2026-33068 was published for @anthropic-ai/claude-code (npm) Mar 19, 2026
OpenClaw's Zalouser allowlist authorization matched mutable group names by default Moderate
GHSA-f5mf-3r52-r83w was published for openclaw (npm) Mar 13, 2026
zpbrent Credited to zpbrent
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database