Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001 Credited to Jayy001
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel Credited to nathaniel-daniel
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o Credited to iNem0o
Improper Validation of Query Parameters in Auth0 Next.js SDK Low
CVE-2025-67716 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec Credited to MegaManSec
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags Low
CVE-2026-31996 was published for openclaw (npm) Feb 19, 2026
nedlir Credited to nedlir
Fickling has a detection bypass via stdlib network-protocol constructors Low
GHSA-83pf-v6qq-pwmr was published for fickling (pip) Feb 20, 2026
NucleiAv Credited to NucleiAv
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains Low
CVE-2026-31993 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
boy-hack Credited to boy-hack
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter Low
CVE-2026-40077 was published for github.com/henrygd/beszel (Go) Apr 10, 2026
marduc812 Credited to marduc812, kodareef5, and lakshayyverma kodareef5 kodareef5
lakshayyverma lakshayyverma
Kimai leaks API Token Hash via Invoice Twig Template Low
GHSA-rh42-6rj2-xwmc was published for kimai/kimai (Composer) Apr 14, 2026
hett-patell Credited to hett-patell
nicolas-grekas Credited to nicolas-grekas
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output Low
GHSA-8rfp-98v4-mmr6 was published for bleach (pip) Jun 16, 2026
Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers Low
GHSA-wrr6-p5r6-474m was published for openclaw (npm) Jun 16, 2026 withdrawn
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers Low
CVE-2026-53848 was published for openclaw (npm) Jun 18, 2026
nayakchinmohan Credited to nayakchinmohan
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247 Low
GHSA-8678-w3jw-xfc2 was published for nokogiri (RubyGems) Jun 19, 2026
bilerden Credited to bilerden
ProTip! Advisories are also available from the GraphQL API