Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,417
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,658
Pub
13
RubyGems
1,027
Rust
1,211
Swift
53
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
n8n has an SSO Enforcement Bypass in its Self-Service Settings API Moderate
GHSA-vjf3-2gpj-233v was published for n8n (npm) Feb 26, 2026
stanislavfortaisle Credited to stanislavfortaisle
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning High
CVE-2026-26327 was published for openclaw (npm) Feb 18, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw skills.status could leak secrets to operator.read clients Moderate
CVE-2026-26326 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching) Critical
CVE-2026-28446 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek, stanislavfortaisle, and MegaManSec stanislavfortaisle stanislavfortaisle
MegaManSec MegaManSec
OpenClaw has a potential access-group authorization bypass if channel type lookup fails Critical
CVE-2026-28454 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering Moderate
CVE-2026-28450 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw affected by SSRF via attachment/media URL hydration Moderate
CVE-2026-28467 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw has a webhook auth bypass when gateway is behind a reverse proxy (loopback remoteAddress trust) High
CVE-2026-29613 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes High
CVE-2026-28470 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating High
CVE-2026-28391 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated Critical
CVE-2026-28472 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database