GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
DOMPurify ADD_ATTR predicate skips URI validation
Moderate
GHSA-cjmm-f4jc-qw8r
was published
for
dompurify
(npm)
Apr 3, 2026
DOMPurify USE_PROFILES prototype pollution allows event handlers
Moderate
GHSA-cj63-jhhr-wcxv
was published
for
dompurify
(npm)
Apr 3, 2026
Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Low
CVE-2026-33769
was published
for
astro
(npm)
Mar 26, 2026
OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands
High
CVE-2026-28392
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion
High
CVE-2026-28463
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
High
CVE-2026-26325
was published
for
openclaw
(npm)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API