GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,343
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,550
Pub: 12
RubyGems: 1,013
Rust: 1,203
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
153,750 advisories
OpenClaw has ACP CLI approval prompt ANSI escape sequence injection
Moderate | GHSA-4hmj-39m8-jwc7 was published for openclaw (npm) | Mar 29, 2026

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate | GHSA-j4c9-w69r-cw33 was published for openclaw (npm) | Mar 29, 2026

OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Moderate | GHSA-mf5g-6r6f-ghhm was published for openclaw (npm) | Mar 29, 2026

OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Moderate | GHSA-rf6h-5gpw-qrgq was published for openclaw (npm) | Mar 29, 2026

OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing
Moderate | GHSA-77w2-crqv-cmv3 was published for openclaw (npm) | Mar 29, 2026

OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation
Moderate | GHSA-3h52-cx59-c456 was published for openclaw (npm) | Mar 29, 2026

OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName
Moderate | GHSA-52q4-3xjc-6778 was published for openclaw (npm) | Mar 29, 2026

OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope
Moderate | GHSA-5jvj-hxmh-6h6j was published for openclaw (npm) | Mar 29, 2026

AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications
Moderate | CVE-2026-34247 was published for wwbn/avideo (Composer) | Mar 29, 2026

AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking
Moderate | CVE-2026-34245 was published for wwbn/avideo (Composer) | Mar 29, 2026

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer...
Moderate | Unreviewed | CVE-2026-33574 was published | Mar 29, 2026

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default...
Moderate | Unreviewed | CVE-2026-33572 was published | Mar 29, 2026

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction...
Moderate | Unreviewed | CVE-2026-32924 was published | Mar 29, 2026

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped...
Moderate | Unreviewed | CVE-2026-32919 was published | Mar 29, 2026

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild...
Moderate | Unreviewed | CVE-2026-32923 was published | Mar 29, 2026

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode...
Moderate | Unreviewed | CVE-2026-32975 was published | Mar 29, 2026

OpenCC has an Out-of-bounds read when processing truncated UTF-8 input
Moderate | GHSA-7fqq-q52p-2jjg was published for OpenCC (npm) | Mar 29, 2026

Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry
Moderate | GHSA-7rx3-28cr-v5wh was published for handlebars (npm) | Mar 29, 2026

mppx has Stripe charge credential replay via missing idempotency check
Moderate | CVE-2026-34210 was published for mppx (npm) | Mar 29, 2026

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System...
Moderate | Unreviewed | CVE-2026-5041 was published | Mar 29, 2026

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of...
Moderate | Unreviewed | CVE-2026-5037 was published | Mar 29, 2026

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown...
Moderate | Unreviewed | CVE-2026-5035 was published | Mar 29, 2026

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the...
Moderate | Unreviewed | CVE-2026-5030 was published | Mar 29, 2026

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this...
Moderate | Unreviewed | CVE-2026-5033 was published | Mar 29, 2026

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown...
Moderate | Unreviewed | CVE-2026-5031 was published | Mar 29, 2026
ProTip! Advisories are also available from the GraphQL API.