
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Severity: Moderate
CVE-2026-9595 was published for webpack-dev-server (npm) on Jun 17, 2026
Credited to bjohansebas and UlisesGascon

NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
Severity: Moderate
CVE-2026-53931 was published for nocodb (npm) on Jun 17, 2026
Credited to p-

Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities
Severity: Moderate
CVE-2026-50169 was published for @angular/service-worker (npm) on Jun 15, 2026
Credited to Yenya030, alan-agius4, JeanMeche, josephperrott, and AndrewKushnir

axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
Severity: High
CVE-2026-44494 was published for axios (npm) on May 29, 2026
Credited to August829

Duplicate Advisory: OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
Severity: Moderate
GHSA-5jgm-f9wr-9qm7 was published for openclaw (npm) on May 11, 2026 (withdrawn)

Duplicate Advisory: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
Severity: Moderate
GHSA-4mhr-cxr4-2prm was published for openclaw (npm) on May 11, 2026 (withdrawn)
Credited to sachinpatilpsp and IAMolofficial

Duplicate Advisory: OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Severity: Moderate
GHSA-8pf2-vj79-4wxg was published for openclaw (npm) on Apr 28, 2026 (withdrawn)

Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
Severity: Moderate
CVE-2025-62718 was published for axios (npm) on Apr 9, 2026
Credited to AmeerAssadi, SwTan98, and jasonsaayman

Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Severity: Moderate
CVE-2026-33768 was published for @astrojs/vercel (npm) on Mar 26, 2026
Credited to jp-soba

OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
Severity: Critical
CVE-2026-28466 was published for openclaw (npm) on Mar 2, 2026
Credited to 222n5

fastify-reply-from affected by bypass of reply forwarding
Severity: Moderate
CVE-2025-66415 was published for @fastify/reply-from (npm) on Dec 2, 2025
Credited to rozzilla

code-server's session cookie can be extracted by having a user visit a specially crafted proxy URL
Severity: High
CVE-2025-47269 was published for code-server (npm) on May 9, 2025