GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count per ecosystem)
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories (count)
All unreviewed: 5,000+
66 advisories
Each entry below lists: title | severity | review status and advisory ID | affected package (ecosystem), if any | publication date | withdrawn, if applicable.

Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation | High | GHSA-j9gf-vw2f-9hrw | com.appsmith:server (Maven) | published Jun 12, 2026
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | Moderate | Unreviewed, CVE-2026-12058 | published Jun 12, 2026
Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header | Moderate | CVE-2026-48061 | litestar (pip) | published Jun 10, 2026
SillyTavern has Authentication Bypass via SSO Header Injection | Critical | CVE-2026-44649 | sillytavern (npm) | published May 12, 2026
Bandit trusts client-supplied URI scheme on plaintext connections | Moderate | CVE-2026-39807 | bandit (Erlang) | published May 7, 2026
A vulnerability in the browser-based remote management interface may allow an administrator to... | Moderate | Unreviewed, CVE-2026-1789 | published Apr 24, 2026
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized... | Moderate | Unreviewed, CVE-2026-0390 | published Apr 14, 2026
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local... | Moderate | Unreviewed, CVE-2019-25711 | published Apr 12, 2026
Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens | Low | GHSA-5f7h-p83x-5vc2 | openclaw (npm) | published Apr 10, 2026 | withdrawn
Duplicate Advisory: OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName | Low | GHSA-j42q-r6qx-xrfp | openclaw (npm) | published Apr 10, 2026 | withdrawn
An attacker could use data obtained by sniffing the network traffic to forge packets in order to... | Critical | Unreviewed, CVE-2025-13926 | published Apr 9, 2026
OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled | Moderate | CVE-2026-41403 | openclaw (npm) | published Apr 3, 2026
OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic | High | CVE-2026-41391 | openclaw (npm) | published Apr 2, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA... | Moderate | Unreviewed, CVE-2026-29134 | published Apr 2, 2026
OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing | High | CVE-2026-41299 | openclaw (npm) | published Mar 31, 2026
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName | Low | CVE-2026-35617 | openclaw (npm) | published Mar 29, 2026
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode... | Moderate | Unreviewed, CVE-2026-32975 | published Mar 29, 2026
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting | Moderate | CVE-2026-35655 | openclaw (npm) | published Mar 26, 2026
OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens | Low | CVE-2026-35624 | openclaw (npm) | published Mar 26, 2026
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution. | Moderate | CVE-2026-35670 | openclaw (npm) | published Mar 26, 2026
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash... | Moderate | Unreviewed, CVE-2019-25621 | published Mar 24, 2026
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to... | Moderate | Unreviewed, CVE-2019-25594 | published Mar 22, 2026
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the... | Moderate | Unreviewed, CVE-2019-25544 | published Mar 21, 2026
Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata | Moderate | GHSA-rcx4-77x4-hjx5 | openclaw (npm) | published Mar 21, 2026 | withdrawn
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions | Moderate | GHSA-xh9j-mpc9-2m9p | openclaw (npm) | published Mar 21, 2026 | withdrawn