GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 48
Go: 3,399
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,618
Pub: 13
RubyGems: 1,026
Rust: 1,205
Swift: 52

Unreviewed advisories
All unreviewed: 5,000+
154,211 advisories
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown...
Moderate · Unreviewed · CVE-2026-5467 was published Apr 3, 2026

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows...
Moderate · Unreviewed · CVE-2025-7024 was published Apr 3, 2026

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6,...
Moderate · Unreviewed · CVE-2026-35549 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style...
Moderate · Unreviewed · CVE-2026-35540 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password...
Moderate · Unreviewed · CVE-2026-35541 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of...
Moderate · Unreviewed · CVE-2026-35539 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking...
Moderate · Unreviewed · CVE-2026-35542 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking...
Moderate · Unreviewed · CVE-2026-35543 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading...
Moderate · Unreviewed · CVE-2026-35544 was published Apr 3, 2026

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking...
Moderate · Unreviewed · CVE-2026-35545 was published Apr 3, 2026

DOMPurify ADD_ATTR predicate skips URI validation
Moderate · GHSA-cjmm-f4jc-qw8r was published for dompurify (npm) Apr 3, 2026

DOMPurify USE_PROFILES prototype pollution allows event handlers
Moderate · GHSA-cj63-jhhr-wcxv was published for dompurify (npm) Apr 3, 2026

D-Tale: Remote Code Execution through redis/shelf storage
Moderate · CVE-2026-35052 was published for dtale (pip) Apr 3, 2026

Shynet before 0.14.0 allows Host header injection in the password reset flow.
Moderate · Unreviewed · CVE-2026-35507 was published Apr 3, 2026

Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,
Moderate · Unreviewed · CVE-2026-35508 was published Apr 3, 2026

OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Moderate · GHSA-6336-qqw9-v6x6 was published for openclaw (npm) Apr 3, 2026

OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
Moderate · GHSA-9f4w-67g7-mqwv was published for openclaw (npm) Apr 3, 2026

OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled
Moderate · GHSA-3xv9-89fm-7h4r was published for openclaw (npm) Apr 3, 2026

OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist
Moderate · GHSA-rvvf-6vh3-9j43 was published for openclaw (npm) Apr 3, 2026

OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts
Moderate · GHSA-f693-58pc-2gfr was published for openclaw (npm) Apr 3, 2026

OpenClaw: Discord voice manager bypasses channel-level member access allowlist
Moderate · GHSA-cqgw-44wg-44rf was published for openclaw (npm) Apr 3, 2026

OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders
Moderate · GHSA-m6fx-m8hc-572m was published for openclaw (npm) Apr 3, 2026

OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
Moderate · GHSA-2w79-r9g8-wmcr was published for openclaw (npm) Apr 3, 2026

OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Moderate · GHSA-6p8r-6m93-557f was published for openclaw (npm) Apr 3, 2026

OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables
Moderate · GHSA-cg7q-fg22-4g98 was published for openclaw (npm) Apr 3, 2026

ProTip! Advisories are also available from the GraphQL API