GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: 5,000+ in total. By ecosystem: Composer 5,000+; Erlang 49; GitHub Actions 49; Go 3,549; Maven 5,000+; npm 5,000+; NuGet 917; pip 4,798; Pub 13; RubyGems 1,038; Rust 1,237; Swift 53.
Unreviewed advisories: 5,000+.
327,625 advisories in the database overall.
OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders | Moderate | CVE-2026-41331 | published for openclaw (npm) on Apr 3, 2026
OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls | Moderate | CVE-2026-41330 | published for openclaw (npm) on Apr 3, 2026
OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation | Critical | CVE-2026-41329 | published for openclaw (npm) on Apr 2, 2026
OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals | High | CVE-2026-41303 | published for openclaw (npm) on Mar 31, 2026
OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery | Moderate | CVE-2026-41302 | published for openclaw (npm) on Apr 2, 2026
OpenClaw: Forged Nostr DMs could create pairing state before signature verification | Moderate | CVE-2026-41301 | published for openclaw (npm) on Apr 7, 2026
OpenClaw: Endpoint persists after trust decline, leaking gateway credentials | Moderate | CVE-2026-41300 | published for openclaw (npm) on Apr 3, 2026
OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing | High | CVE-2026-41299 | published for openclaw (npm) on Mar 31, 2026
OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill | Moderate | CVE-2026-41298 | published for openclaw (npm) on Apr 7, 2026
OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection | Moderate | CVE-2026-41297 | published for openclaw (npm) on Apr 7, 2026
OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile | Critical | CVE-2026-41296 | published for openclaw (npm) on Apr 3, 2026
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup | Moderate | CVE-2026-41295 | published for openclaw (npm) on Apr 7, 2026
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover | Critical | CVE-2026-41294 | published for openclaw (npm) on Apr 1, 2026
OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws:// | Moderate | CVE-2026-40045 | published for openclaw (npm) on Apr 7, 2026
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file... | Moderate | Unreviewed | CVE-2026-3219 | published Apr 20, 2026
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker... | Moderate | Unreviewed | CVE-2026-20133 | published Feb 25, 2026
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging... | High | Unreviewed | CVE-2025-2749 | published Mar 24, 2025
This vulnerability allows remote attackers to bypass authentication on affected installations of... | High | Unreviewed | CVE-2023-27351 | published Apr 20, 2023
In Grafana's alerting system, users with edit permissions for a contact point, specifically the... | Low | Unreviewed | CVE-2025-12141 | published Apr 15, 2026
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross... | Moderate | Unreviewed | CVE-2025-48700 | published Jun 23, 2025
Cross-Tenant Legacy Correlation Disclosure and Deletion | Low | Unreviewed | CVE-2026-21727 | published Apr 15, 2026
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set... | Unknown | Unreviewed | CVE-2026-5928 | published Apr 20, 2026
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is... | Moderate | Unreviewed | CVE-2026-4852 | published Apr 20, 2026
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library... | Unknown | Unreviewed | CVE-2026-5450 | published Apr 20, 2026
The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may... | Unknown | Unreviewed | CVE-2026-5358 | published Apr 20, 2026
Advisories are also available from the GraphQL API.