Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,221 advisories

Loading
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any... High Unreviewed
CVE-2026-0562 was published Mar 29, 2026
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Moderate
GHSA-j4c9-w69r-cw33 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback Moderate
GHSA-rf6h-5gpw-qrgq was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin` High
GHSA-h4jx-hjr3-fhgc was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing Moderate
GHSA-77w2-crqv-cmv3 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Moderate
GHSA-52q4-3xjc-6778 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility High
GHSA-q2qc-744p-66r2 was published for openclaw (npm) Mar 29, 2026
nexrin Credited to nexrin
OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope Moderate
GHSA-5jvj-hxmh-6h6j was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction... Moderate Unreviewed
CVE-2026-32924 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated... High Unreviewed
CVE-2026-32972 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped... Moderate Unreviewed
CVE-2026-32919 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status... Critical Unreviewed
CVE-2026-32918 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild... Moderate Unreviewed
CVE-2026-32923 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf... Critical Unreviewed
CVE-2026-32915 was published Mar 29, 2026
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals... Critical Unreviewed
CVE-2026-32978 was published Mar 29, 2026
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config... High Unreviewed
CVE-2026-32914 was published Mar 29, 2026
OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Moderate
GHSA-mw7w-g3mg-xqm7 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers Moderate
GHSA-9wqx-g2cw-vc7r was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers High
GHSA-qm2m-28pf-hgjw was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Silent privilege escalation via gateway shared-auth reconnect Critical
GHSA-fqw4-mph7-2vr8 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Critical
GHSA-9hjh-fr4f-gxc4 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding High
GHSA-9p93-7j67-5pc2 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
Moby has AuthZ plugin bypass when provided oversized request bodies High
CVE-2026-34040 was published for github.com/docker/docker (Go) Mar 27, 2026
vvoland Credited to vvoland and manizada manizada manizada
OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts Moderate
GHSA-cfp9-w5v9-3q4h was published for openclaw (npm) Mar 26, 2026
YLChen-007 Credited to YLChen-007
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting High
GHSA-74wf-h43j-vvmj was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database