GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
354 advisories
changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
Critical
CVE-2026-35490
was published
for
changedetection.io
(pip)
Apr 6, 2026
OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation
Critical
GHSA-g5cg-8x5w-7jpm
was published
for
openclaw
(npm)
Apr 2, 2026
PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
Critical
CVE-2026-34953
was published
for
praisonai
(pip)
Apr 1, 2026
OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation
Critical
CVE-2026-33579
was published
for
openclaw
(npm)
Mar 31, 2026
parse-server has cloud function validator bypass via prototype chain traversal
Critical
CVE-2026-34532
was published
for
parse-server
(npm)
Mar 31, 2026
OpenClaw: Silent privilege escalation via gateway shared-auth reconnect
Critical
GHSA-fqw4-mph7-2vr8
was published
for
openclaw
(npm)
Mar 27, 2026
OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin
Critical
GHSA-9hjh-fr4f-gxc4
was published
for
openclaw
(npm)
Mar 27, 2026
SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
Critical
CVE-2026-32767
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter
Critical
CVE-2026-30965
was published
for
parse-server
(npm)
Mar 11, 2026
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
Critical
CVE-2026-28466
was published
for
openclaw
(npm)
Mar 2, 2026
Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints
Critical
CVE-2026-27112
was published
for
github.com/akuity/kargo
(Go)
Feb 19, 2026
External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Critical
CVE-2026-22822
was published
for
github.com/external-secrets/external-secrets
(Go)
Jan 20, 2026
ProTip!
Advisories are also available from the
GraphQL API