Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,416
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,657
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

199 advisories

Loading
An issue that allowed MCP agents to access certificate information from outside of their... Low Unreviewed
CVE-2026-5379 was published Apr 7, 2026
An issue that could expose records outside of the authorized organization scope through the MCP... Low Unreviewed
CVE-2026-5382 was published Apr 7, 2026
An issue that could expose task information outside of the authorized organization scope has been... Low Unreviewed
CVE-2026-5381 was published Apr 7, 2026
OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API Low
GHSA-chfm-xgc4-47rj was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Matrix thread root and reply context bypass sender allowlist Low
GHSA-rg8m-3943-vm6q was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams... Low Unreviewed
CVE-2026-34509 was published Mar 31, 2026
Duplicate Advisory: OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty Low
GHSA-xg59-f45v-9r9j was published for openclaw (npm) Mar 31, 2026 withdrawn
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation Low
GHSA-pw7h-9g6p-c378 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9... Low Unreviewed
CVE-2026-4363 was published Mar 25, 2026
This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7... Low Unreviewed
CVE-2026-28864 was published Mar 25, 2026
Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol Low
CVE-2026-32642 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Mar 24, 2026
Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows Low
GHSA-cjq8-m7wj-xmq9 was published for openclaw (npm) Mar 21, 2026 withdrawn
Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access Low
GHSA-vmvw-pwwf-cc2w was published for openclaw (NuGet) Mar 21, 2026 withdrawn
etcd: Nested etcd transactions bypass RBAC authorization checks Low
CVE-2026-33343 was published for go.etcd.io/etcd (Go) Mar 20, 2026
Tulgaaaaaaaa Credited to Tulgaaaaaaaa
Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage Low
GHSA-r849-826x-wgqm was published for openclaw (npm) Mar 19, 2026 withdrawn
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the... Low Unreviewed
CVE-2026-26230 was published Mar 16, 2026
Mattermost fails to validate user's authentication method when processing account auth type switch Low
CVE-2026-22545 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access Low
CVE-2026-32108 was published for copyparty (pip) Mar 12, 2026
thesanjok Credited to thesanjok
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01... Low Unreviewed
CVE-2026-1471 was published Mar 11, 2026
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to... Low Unreviewed
CVE-2026-1497 was published Mar 11, 2026
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating Low
CVE-2026-27183 was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
Mercurius's queryDepth limit bypassed for WebSocket subscriptions Low
CVE-2026-30241 was published for mercurius (npm) Mar 6, 2026
TinkAnet Credited to TinkAnet and mcollina mcollina mcollina
In affected versions of Octopus Server it was possible to create a new API key from an existing... Low Unreviewed
CVE-2026-3236 was published Mar 5, 2026
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access Low
CVE-2026-32067 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows Low
CVE-2026-32058 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database