GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
65 advisories
OpenClaw: Bonjour/DNS-SD TXT metadata steers CLI routing after failed service resolution
Moderate
GHSA-rvqr-hrcc-j9vv
was published
for
openclaw
(npm)
Mar 26, 2026
OpenFGA has an Authorization Bypass through cached keys
Moderate
CVE-2026-33729
was published
for
github.com/openfga/openfga
(Go)
Mar 26, 2026
ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Moderate
GHSA-4cm8-xpfv-jv6f
was published
for
zeptoclaw
(Rust)
Mar 12, 2026
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
Moderate
CVE-2026-32029
was published
for
openclaw
(npm)
Mar 3, 2026
Cosign verification accepts any valid Rekor entry under certain conditions
Moderate
CVE-2026-22703
was published
for
github.com/sigstore/cosign/v2
(Go)
Jan 13, 2026
MantisBT lacks verification when changing a user's email address
Moderate
CVE-2025-55155
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Moderate
CVE-2025-59160
was published
for
matrix-js-sdk
(npm)
Sep 16, 2025
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
Moderate
GHSA-vv6j-3g6g-2pvj
was published
for
picklescan
(pip)
Aug 22, 2025
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
Moderate
GHSA-vr7h-p6mm-wpmh
was published
for
picklescan
(pip)
Aug 22, 2025
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
Moderate
GHSA-f745-w6jp-hpxx
was published
for
picklescan
(pip)
Aug 22, 2025
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
Moderate
GHSA-f4x7-rfwp-v3xw
was published
for
picklescan
(pip)
Aug 22, 2025
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
Moderate
GHSA-86cj-95qr-2p4f
was published
for
picklescan
(pip)
Aug 22, 2025
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
Moderate
GHSA-4r9r-ch6f-vxmx
was published
for
picklescan
(pip)
Aug 22, 2025
Zip Exploit Crashes Picklescan But Not PyTorch
Moderate
CVE-2025-1944
was published
for
picklescan
(pip)
Mar 10, 2025
Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
Moderate
CVE-2025-1945
was published
for
picklescan
(pip)
Mar 10, 2025
Hickory DNS's DNSSEC validation may accept broken authentication chains
Moderate
CVE-2025-25188
was published
for
hickory-proto
(Rust)
Feb 10, 2025
ProTip!
Advisories are also available from the
GraphQL API