Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247 Low
GHSA-8678-w3jw-xfc2 was published for nokogiri (RubyGems) Jun 19, 2026
bilerden Credited to bilerden
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers Low
CVE-2026-53848 was published for openclaw (npm) Jun 18, 2026
nayakchinmohan Credited to nayakchinmohan
Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers Low
GHSA-wrr6-p5r6-474m was published for openclaw (npm) Jun 16, 2026 withdrawn
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output Low
GHSA-8rfp-98v4-mmr6 was published for bleach (pip) Jun 16, 2026
nicolas-grekas Credited to nicolas-grekas
boy-hack Credited to boy-hack
Kimai leaks API Token Hash via Invoice Twig Template Low
GHSA-rh42-6rj2-xwmc was published for kimai/kimai (Composer) Apr 14, 2026
hett-patell Credited to hett-patell
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter Low
CVE-2026-40077 was published for github.com/henrygd/beszel (Go) Apr 10, 2026
marduc812 Credited to marduc812, kodareef5, and lakshayyverma kodareef5 kodareef5
lakshayyverma lakshayyverma
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags Low
CVE-2026-31996 was published for openclaw (npm) Feb 19, 2026
nedlir Credited to nedlir
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains Low
CVE-2026-31993 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
Fickling has a detection bypass via stdlib network-protocol constructors Low
GHSA-83pf-v6qq-pwmr was published for fickling (pip) Feb 20, 2026
NucleiAv Credited to NucleiAv
Improper Validation of Query Parameters in Auth0 Next.js SDK Low
CVE-2025-67716 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec Credited to MegaManSec
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o Credited to iNem0o
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel Credited to nathaniel-daniel
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001 Credited to Jayy001
ProTip! Advisories are also available from the GraphQL API