GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
29 advisories
OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event...
Moderate • Unreviewed • CVE-2026-53837 was published • Jun 13, 2026

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle...
Low • Unreviewed • CVE-2026-49317 was published • May 29, 2026

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle...
Low • Unreviewed • CVE-2026-49318 was published • May 29, 2026

MCP Registry: OCI validator skips ownership check on upstream rate limits
Low • CVE-2026-45781 was published for github.com/modelcontextprotocol/registry (Go) • May 19, 2026

net-imap vulnerable to STARTTLS stripping via invalid response timing
High • CVE-2026-42246 was published for net-imap (RubyGems) • May 4, 2026

OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that...
High • Unreviewed • CVE-2026-41334 was published • Apr 24, 2026

OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes
Critical • CVE-2026-40525 was published for openviking (pip) • Apr 17, 2026

free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
Moderate • CVE-2026-40249 was published for github.com/free5gc/udr (Go) • Apr 14, 2026

free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
High • CVE-2026-40248 was published for github.com/free5gc/udr (Go) • Apr 14, 2026

free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
High • CVE-2026-40247 was published for github.com/free5gc/udr (Go) • Apr 14, 2026

Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
High • CVE-2026-35205 was published for helm.sh/helm/v4 (Go) • Apr 10, 2026

OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts
Moderate • CVE-2026-42423 was published for openclaw (npm) • Apr 9, 2026

fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)
High • CVE-2026-35042 was published for fast-jwt (npm) • Apr 3, 2026

OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open)
Low • CVE-2026-41377 was published for openclaw (npm) • Apr 2, 2026

Duplicate Advisory: OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Low • GHSA-vm29-7mq3-9jrg was published for OpenClaw (npm) • Mar 31, 2026 • withdrawn

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Low • CVE-2026-27448 was published for pyopenssl (pip) • Mar 16, 2026

OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Low • CVE-2026-32970 was published for openclaw (npm) • Mar 13, 2026

An administrator may attempt to block all traffic by configuring a pass filter with an empty...
Moderate • Unreviewed • CVE-2025-41760 was published • Mar 9, 2026

An administrator may attempt to block all networks by specifying "\*" or "all" as the network...
Moderate • Unreviewed • CVE-2025-41759 was published • Mar 9, 2026

Windows BitLocker Information Disclosure Vulnerability
Moderate • Unreviewed • CVE-2025-21210 was published • Jan 14, 2025

Hashicorp Vault vulnerable to denial of service through memory exhaustion
High • CVE-2024-8185 was published for github.com/hashicorp/vault (Go) • Oct 31, 2024

Remote Registry Service Elevation of Privilege Vulnerability
High • Unreviewed • CVE-2024-43532 was published • Oct 8, 2024

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing...
Critical • Unreviewed • CVE-2024-3729 was published • May 2, 2024

HashiCorp Vault does not correctly validate OCSP responses
Moderate • CVE-2024-2660 was published for github.com/hashicorp/vault (Go) • Apr 4, 2024

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen...
High • Unreviewed • CVE-2023-4030 was published • Aug 17, 2023

ProTip! Advisories are also available from the GraphQL API