GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Low
GHSA-8678-w3jw-xfc2
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
Low
CVE-2026-53848
was published
for
openclaw
(npm)
Jun 18, 2026
Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers
Low
GHSA-wrr6-p5r6-474m
was published
for
openclaw
(npm)
Jun 16, 2026
•
withdrawn
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output
Low
GHSA-8rfp-98v4-mmr6
was published
for
bleach
(pip)
Jun 16, 2026
Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
Low
CVE-2026-45753
was published
for
symfony/html-sanitizer
(Composer)
May 28, 2026
OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action...
Low
Unreviewed
CVE-2026-44993
was published
May 11, 2026
OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)
Low
CVE-2026-41915
was published
for
openclaw
(npm)
Apr 9, 2026
Kimai leaks API Token Hash via Invoice Twig Template
Low
GHSA-rh42-6rj2-xwmc
was published
for
kimai/kimai
(Composer)
Apr 14, 2026
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Low
CVE-2026-40077
was published
for
github.com/henrygd/beszel
(Go)
Apr 10, 2026
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Low
CVE-2026-31996
was published
for
openclaw
(npm)
Feb 19, 2026
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low
CVE-2026-31993
was published
for
openclaw
(npm)
Mar 2, 2026
Fickling has a detection bypass via stdlib network-protocol constructors
Low
GHSA-83pf-v6qq-pwmr
was published
for
fickling
(pip)
Feb 20, 2026
Improper Validation of Query Parameters in Auth0 Next.js SDK
Low
CVE-2025-67716
was published
for
@auth0/nextjs-auth0
(npm)
Dec 10, 2025
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Low
CVE-2025-61924
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow...
Low
Unreviewed
CVE-2025-24388
was published
Jun 16, 2025
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API