GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
970 advisories
OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access
Moderate | CVE-2026-32034 was published for openclaw (npm) | Mar 3, 2026

OpenClaw DM pairing-store identities could satisfy group allowlist authorization
High | CVE-2026-32027 was published for openclaw (npm) | Mar 3, 2026

Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)
Critical | CVE-2022-31247 was published for github.com/rancher/rancher (Go) | Mar 3, 2026

OpenClaw: Node exec approvals could be replayed across nodes
Moderate | GHSA-6x2m-hqfw-hvpj was published for openclaw (npm) | Mar 2, 2026

OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low | CVE-2026-31993 was published for openclaw (npm) | Mar 2, 2026

In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to...
High | Unreviewed | CVE-2026-0017 was published | Mar 2, 2026

INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints
High | GHSA-xfx2-prg5-jq3g was published for github.com/romitou/insatutorat (Go) | Mar 1, 2026

PSI Probe: Broken access control can lead to DoS
Low | CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven) | Feb 27, 2026

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate | Unreviewed | CVE-2026-2694 was published | Feb 26, 2026

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown...
Moderate | Unreviewed | CVE-2026-3185 was published | Feb 25, 2026

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability...
Low | Unreviewed | CVE-2026-2974 was published | Feb 23, 2026

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the...
Moderate | Unreviewed | CVE-2025-15582 was published | Feb 20, 2026

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area....
Moderate | Unreviewed | CVE-2025-71242 was published | Feb 19, 2026

Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
Low | CVE-2026-2733 was published for org.keycloak:keycloak-services (Maven) | Feb 19, 2026

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is...
High | Unreviewed | CVE-2025-4521 was published | Feb 19, 2026

OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands
High | CVE-2026-28392 was published for openclaw (npm) | Feb 18, 2026

OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
High | CVE-2026-28448 was published for openclaw (npm) | Feb 17, 2026

OpenClaw has a potential access-group authorization bypass if channel type lookup fails
Critical | CVE-2026-28454 was published for openclaw (npm) | Feb 17, 2026

OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
Moderate | CVE-2026-28450 was published for openclaw (npm) | Feb 17, 2026

An authorization issue was addressed with improved state management. This issue is fixed in iOS...
Moderate | Unreviewed | CVE-2026-20661 was published | Feb 12, 2026

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and...
Low | Unreviewed | CVE-2026-20656 was published | Feb 12, 2026

An authorization issue was addressed with improved state management. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2026-20666 was published | Feb 12, 2026

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before...
High | Unreviewed | CVE-2024-50617 was published | Feb 12, 2026

An authorization issue was addressed with improved state management. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2025-43403 was published | Feb 12, 2026

Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within...
Moderate | Unreviewed | CVE-2025-30508 was published | Feb 10, 2026

ProTip! Advisories are also available from the GraphQL API.